A flaw was found in jackson-databind 2.x prior to version 188.8.131.52. The interaction between serialization gadgets and typing is mishandled in the bus-proxy. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
The following conditions are needed for an exploit, we recommend avoiding all if possible
Deserialization from sources you do not control