If I follow the description right the vulnerability refers to PHP applications which read, trust, and use HTTP_PROXY
environment value (which might be compromised).
From quick search through WordPress core source code I found no instances of that value being accessed.
Since WP ships its own HTTP client implementation its also not affected by upstream library issues (such as Guzzle example). Though I think Requests library is being merged into core in near future, but it doesn’t seem to be mentioned as vulnerable on that site.
So I would cautiously guess that WordPress core is fine about it. Of course extension space is anything goes.