Deserialization Of Untrusted Data
com.hubspot.jinjava, jinjava is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to use of mapper.getTypeFactory.constructFromCanonical which allows the underlying ObjectMapper to deserialize attacker-controlled input into arbitrary classes...
