An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization…
Link: http://feeds.security-database.com/~r/Last100Alerts/~3/x9PaI-2j9_A/detail.php