mod-erm-usage-counter50 has com.squareup.retrofit2:email@example.com dependency that has com.squareup.okhttp3:firstname.lastname@example.org dependency.
All okhttp 3.x.y versions have an Information Exposure vulnerability when there's an illegal character in a header: https://security.snyk.io/vuln/SNYK-JAVA-COMSQUAREUPOKHTTP3-2958044
The retrofit maintainers won't upgrade from okhttp 3 to 4: https://github.com/square/retrofit/pull/3767
Please investigate whether mod-eusage-counter50 is affected by this vulnerability. If not please explain why and close this Jira as "Won't do".
If mod-eusage-counter50 is affected please make a fix (sanitize header, or replace retrofit with some other library, or ...).