https://bugzilla.redhat.com/show_bug.cgi?id=1821304
--- Comment #9 from Riccardo Schirone rschiron@redhat.com --- Mitigation:
The following conditions are needed for an exploit, we recommend avoiding all if possible * Deserialization from sources you do not control * `enableDefaultTyping()` * `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`