Sensitive information about expected and actual reading lengths (len, got) is leaked from TIOStreamTransport to TTransport through a TTransportException

Operations: During Apache Thrift integration testing, I developed a calculator application with a client and a server. The client sent a computational command and get the result from the server. After I applied dynamic taint analyzer (distTaint), I found bugs from taint paths finally.

The source: org.apache.thrift.transport.TIOStreamTransport:
public int read(byte[] buf, int off, int len) throws TTransportException {
if (inputStream_ == null)

{ throw new TTransportException(TTransportException.NOT_OPEN, "Cannot read from null inputStream"); }

int bytesRead;
......
bytesRead = inputStream_.read(buf, off, len);
......
}

The sink: org.apache.thrift.transport.TTransport,
public int readAll(byte[] buf, int off, int len)
throws TTransportException {
......
if (ret <= 0)

{ throw new TTransportException( "Cannot read. Remote side has closed. Tried to read " + len + " bytes, but only got " + got + " bytes. (This is often indicative of an internal error on the server side. Please check your server logs.)"); }

......
}
Sensitive information about expected and actual reading lengths (len, got) is leaked.
The tainted path:
org.apache.thrift.transport.TIOStreamTransport -->
org.apache.thrift.transport.TTransport

I am going to submit a CVE, so please confirm this is not a true positive.