A flaw was found in libcurl from versions 7.29.0 through 7.71.1. An application that performs multiple requests with libcurl’s multi API, and sets the CURLOPT_CONNECT_ONLY
option, might experience libcurl using the wrong connection. The highest threat from this vulnerability is to data confidentiality.