[keycloak-user] [keycloak-users] [jackson-databind] is default typing enabled in keycloak

Shiva Prasad Thagadur Prakash shivaprasadtp8 at gmail.com
Tue Jul 2 03:18:29 EDT 2019


Hi guys,
I was looking into CVE-2019-12814 and CVE-2019-12086. These are related to
default typing in jackson-databind. *Is default typing enabled in keylock?*
When I searched in code base I didn't see it enabled but I wanted to be
sure and hence mailed you guys!

Thanks,
Shiva


More information about the keycloak-user mailing list