Dear,
I had faced this issue with our security team providing with Vulnerability finding on curl
Work around that is done from our end that solved the VA finding was to remove curl totally
Steps:
Go to the folder having curl.exe
in our case it was c:\Windows\SysWOW64\curl.exe
Right click curl.exe - Properties - Security (tab) - Advanced - Change the Owner (from trustedInstaller) to Everyone - Apply
Continue by Clicking Edit on Security Permissions - Click Add - select/add Everyone and allow all permissions - Apply
now Everyone has permission to edit or delete the curl.exe
you can delete the curl.exe and finding wont appear
Hope the solution is helpful
thanks