[HIGH] Moodle Users could elevate their role when accessing the LTI tool on a provider site

PKSA-tsyc-dk7h-qs9g CVE-2019-3849 GHSA-5wg9-5w3f-hxmh

Affected package: moodle/moodle

Affected version: >=3.6,<3.6.3|>=3.5,<3.5.5|<3.4.8

Reported by:
GitHub