curl_cffi is potentially affected by High Severity vulnerability (CVE-2023-38545) in libcurl<8.4.0
HIGH severity vulnerability in curl and libcurl: announcement Details are still unknown, but seems it will be a major issue as it's advertised by curl devs as "probably the worst curl security flaw in a long time". A patched version (8.4.0) and details will be published around 06:00 UTC on October 11. curl_cffi wheels on PyPI ship with libcurl 7.84.0
Versions after 0.7 bundles with libcurl>=8.5
, which is not affected by this issue.