[HIGH] Magento LTS's guest order "protect code" can be brute-forced too easily

PKSA-w6px-tkth-7g4y CVE-2023-41879 GHSA-9358-cpvx-c2qp

Affected package: openmage/magento-lts

Affected version: >=20.0.0,<=20.1.0|<=19.5.0

Reported by:
GitHub