curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. (CVE-2020-8286)
Impact
An attacker could provide a forged OCSP response to the F5 product that has made the request with curl, and this fake response could make it appear that a TLS certificate is valid when it may have actually been revoked.