Hello @pravorskyi,
Welcome to the community and thank you to bringing this to our attention!
After investigation, we consider ourselves not vulnerable as we encode in base64 the authorization header, hence avoiding passing illegal characters to the request.
We however plan to upgrade to okhttp4 in the next versions to keep up to date.