CVE-2023-0833 5.5 Generation of Error Message Containing Sensitive Information vulnerability with Medium severity found

[ben221199]

When using the following Maven depency (this package), I get a CVE warning in my IDE:

<dependency>
	<groupId>com.github.jasminb</groupId>
	<artifactId>jsonapi-converter</artifactId>
	<version>0.13</version>
</dependency>

The CVE warning is the following:

CVE-2023-0833 5.5 Generation of Error Message Containing Sensitive Information vulnerability with Medium severity found

This is likely because of the following package:

maven:com.squareup.okhttp3:okhttp:3.12.0

[jasminb]

There is still no stable version that fixes the CVE, s the impact is not high, I will have to wait until we get a stable okhttp release to upgrade to.

[ben221199]

Thanks for letting me know. I will wait too then. :D

[jasminb]

You can also try excluding the problematic artefact as well in the interim.