[MEDIUM] Moodle HTTP authorization header is preserved between "emulated redirects"

PKSA-g3r1-2nj3-qn37 CVE-2024-38275 GHSA-p2cj-86v4-7782

Affected package: moodle/moodle

Affected version: <4.1.11|>=4.2.0-beta,<4.2.8|>=4.3.0-beta,<4.3.5|>=4.4.0-beta,<4.4.1

Reported by:
GitHub