https://bugzilla.redhat.com/show_bug.cgi?id=1821311
--- Comment #10 from Riccardo Schirone rschiron@redhat.com --- Mitigation:
The following conditions are needed for an exploit, we recommend avoiding all if possible * Deserialization from sources you do not control * `enableDefaultTyping()` * `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`