I have read about deserialization attacks recently, and I wonder how Spring prevents JSON injections. For example, let's consider the request body of a POST request: we can instantiate an arbitrary malicious class and execute commands on the server. Are there any mechanisms that check for malicious behavior?
I expect Jackson or other libraries have solved these kinds of problems.
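
One mechanism of the kind asked about, shown as an added example that is not part of the original post: Jackson 2.10 and later let a mapper that reads class names from JSON restrict them with a `PolymorphicTypeValidator` allowlist. The package prefix `com.example.dto.` and the request body are constructed for illustration.

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.exc.InvalidTypeIdException;
import com.fasterxml.jackson.databind.json.JsonMapper;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;

public class AllowlistedTyping {

    // Builds a mapper that accepts class names from the JSON body, but only
    // for classes under the given package prefix (hypothetical DTO package).
    static ObjectMapper allowlistedMapper(String allowedPrefix) {
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
                .allowIfSubType(allowedPrefix)
                .build();
        return JsonMapper.builder()
                // Default typing is what makes the body able to name a class;
                // the validator is consulted before any instance is created.
                .activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.NON_FINAL)
                .build();
    }

    // Returns true when the body deserializes, false when the type id in it
    // is refused by the validator.
    static boolean accepts(ObjectMapper mapper, String body) throws Exception {
        try {
            mapper.readValue(body, Object.class);
            return true;
        } catch (InvalidTypeIdException e) {
            System.out.println("rejected type id: " + e.getTypeId());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        ObjectMapper mapper = allowlistedMapper("com.example.dto.");

        // Constructed body in Jackson's wrapper-array form: [className, value].
        // java.util.Date is harmless; it stands in for any class outside the allowlist.
        String body = "[\"java.util.Date\", 0]";

        System.out.println("accepted: " + accepts(mapper, body));
    }
}
```

A mapper that never calls `activateDefaultTyping` and binds only to concrete classes without class-name `@JsonTypeInfo` annotations does not take class names from the request body at all.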