[MEDIUM] Magento cross-site request forgery (CSRF) vulnerability via the GraphQL API

PKSA-njqv-gp7y-zc74 CVE-2021-21027 GHSA-h4xc-577p-hgj9

Affected package: magento/community-edition

Affected version: >=2.4.0,<2.4.2|<2.3.6-p1

Reported by:
GitHub