xmlinputfactory-possible-xxe
do-privileged-use
httpservlet-path-traversal
jackson-unsafe-deserialization
$JSON it might be possible to provide a malicious JSON payload that can be used to exploit insecure deserialization. To prevent this issue, avoid enabling default typing (globally or by using “Per-class” annotations) and avoid using Object and other dangerous types for member variable declarations when creating classes for Jackson-based deserialization.
insecure-jms-deserialization
servletresponse-writer-xss
xmlinputfactory-external-entities-enabled
use-snakeyaml-constructor