CVE-2019-12384
a vulnerability was found in fasterxml jackson-databind up to 2.9.8 (Programming Language Software). It has been rated as critical. Affected by this issue is the function logback-core. The manipulation with an unknown input leads to a deserialization vulnerability. Using CWE to declare the problem leads to CWE-502. The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid. Impacted is confidentiality, integrity, and availability.
Exploit
I found an exploit online