If you use @JsonSubTypes you almost certainly are NOT affected: it is used with type names…

JsonSubTypes is commonly used.
1
眭文峰
@cowtowncoder
·Follow
Dec 30, 2020
--
If you use @JsonSubTypes you almost certainly are NOT affected: it is used with type names (arbitrary Strings), as the safe alternative to class names. Vulnerability is only possible of class names are used as type ids.
I hope this helps.
--
--
Written by @cowtowncoder520 Followers
·21 Following
Open Source developer, most known for Jackson data processor (nee “JSON library”), author of many, many other OSS libraries for Java, from ClassMate to Woodstox
No responses yet
Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams