According to a security advisory, libcurl is affected by a couple of issues, one of them might cause the leakage of authentication data to third parties. The problem is related to the way it handles custom headers in HTTP requests. The second issue, CVE-2018-1000007, is described as an HTTP/2 trailer out-of-bounds read vulnerability tracked as CVE-2019-100, the patch was published on GitHub. Affected versions are libcURL 7.1 to and including 7.57.0, later versions (7.58.0) are not affected.”]
Source: http://securityaffairs.co/wordpress/68205/hacking/libcurl-authentication-leak-bug.html