The host is running a version of cURL/libcurl that is vulnerable to an information disclosure attack vector.
Versions of cURL and libcurl prior to 7.49.0 are affected by a flaw as TLS certificates are not properly validated. By spoofing the TLS/SSL server via a certificate that appears valid, an attacker with the ability to intercept network traffic (e.g. MitM, DNS cache poisoning) can disclose and optionally manipulate transmitted data.
Upgrade to cURL/libcurl 7.49.0 or later.