https://bugzilla.redhat.com/show_bug.cgi?id=1755849
--- Doc Text *updated* by Jonathan Christison <jochrist(a)redhat.com> ---
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic
deserialization of malicious objects using the HikariConfig gadget when used in
conjunction with polymorphic type handling methods such as `enableDefaultTyping()`, when
`@JsonTypeInfo` is using `Id.CLASS` or `Id.MINIMAL_CLASS`, or in any other way in which
`ObjectMapper.readValue` might instantiate objects from unsafe sources. An attacker could
use this flaw to execute arbitrary code.
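The configuration issue described above, as an added example that is not part of the bug report or the jackson-databind project's own code: a mapper with `enableDefaultTyping()` instantiates whatever class the JSON names, while a mapper built with an allow-list `PolymorphicTypeValidator` refuses it. It assumes jackson-databind 2.10 or a later 2.x release on the classpath; `DefaultTypingDemo`, `Allowed`, `Unexpected` and `Holder` are constructed, harmless stand-ins.

```java
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.json.JsonMapper;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;

public class DefaultTypingDemo {
    // Constructed classes for illustration only; neither does anything on instantiation.
    public static class Allowed { public String name; }
    public static class Unexpected { public String name; }
    // An Object-typed property is where default typing reads a class name from the input.
    public static class Holder { public Object value; }

    // Builds the wrapper-array form that default typing expects: ["class.name", {...}]
    static String jsonFor(Class<?> type) {
        return "{\"value\":[\"" + type.getName() + "\",{\"name\":\"x\"}]}";
    }

    public static void main(String[] args) throws Exception {
        // Weak setting: the class to instantiate is chosen by the sender of the JSON.
        ObjectMapper weak = new ObjectMapper();
        weak.enableDefaultTyping(); // deprecated since 2.10 for this reason
        Holder h = weak.readValue(jsonFor(Unexpected.class), Holder.class);
        System.out.println("weak mapper instantiated: " + h.value.getClass().getName());

        // Corrected setting: only subtypes on the allow-list may be named in the input.
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
                .allowIfSubType(Allowed.class)
                .build();
        ObjectMapper strict = JsonMapper.builder()
                .activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.OBJECT_AND_NON_CONCRETE)
                .build();

        Holder ok = strict.readValue(jsonFor(Allowed.class), Holder.class);
        System.out.println("strict mapper accepted: " + ok.value.getClass().getName());

        try {
            strict.readValue(jsonFor(Unexpected.class), Holder.class);
            System.out.println("strict mapper did NOT reject the unlisted type");
        } catch (JsonMappingException e) {
            // The validator denies the type id before any object is constructed.
            System.out.println("strict mapper rejected: " + e.getOriginalMessage());
        }
    }
}
```

The same allow-list approach applies to `@JsonTypeInfo` with `Id.CLASS` or `Id.MINIMAL_CLASS`; where the set of subtypes is known, `Id.NAME` with registered subtypes avoids class names in the input altogether.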