In my case api response doesn’t have confidential data or unwanted data, but in checkmarx report it’s showing many number of Excessive Data Exposure vulnerabilities. I have convert data into DTO and send it as response.