A librepo bugfix update has been released for CentOS 7.

CentOS-announce: CESA-2020:5012 Moderate CentOS 7 librepo Security Update

CentOS Errata and Security Advisory 2020:5012 Moderate

Upstream details at :   https://access.redhat.com/errata/RHSA-2020:5012

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
8a0bacc73339833881bc5ae7fa62eafa7a9c0011b40065f3a69fb02d298f29d6 librepo-1.8.1-8.el7_9.i686.rpm
1eb2e0f2ab532fc7491714b9d8dae34bf6977843c4b9649fe0509d2fc7dc3b59 librepo-1.8.1-8.el7_9.x86_64.rpm
6263d570ddf0f6cf0247a3e7266a7aa7caae795462727dbb4d747261bc4aa1be librepo-devel-1.8.1-8.el7_9.i686.rpm
dd5402f5bb60ada1db63c1305e3650e8804adcacfb1557affb8623621fd83155 librepo-devel-1.8.1-8.el7_9.x86_64.rpm
9db782d6307662cc280b48dbb9d5908c853c6f93c0175937ebbebb1942d0dbf1 python-librepo-1.8.1-8.el7_9.x86_64.rpm

Source:
63edcffa1095b1a196c843267ba15077b216ea4bf5d97aa98d1d55bb1f6494ba librepo-1.8.1-8.el7_9.src.rpm