A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.
The following conditions are needed for an exploit, we recommend avoiding all if possible
enableDefaultTyping()
@JsonTypeInfo using
id.CLASSor
id.MINIMAL_CLASS`