Deserialization Of Untrusted Data
FasterXML jackson-databind is vulnerable to deserialization of untrusted data. There is a polymorphic typing issue because there are more than one association gadget types related to CXF JAX-RS implementation by default...