Hello,

I think it would be appropriate to update the Impact of Vulnerability to 
indicate that this issue could be used for remote code execution. The 
conversation in the Jackson Project Issues: 
https://github.com/FasterXML/jackson-databind/issues/1599 and articles such as 
https://adamcaudill.com/2017/10/04/exploiting-jackson-rce-cve-2017-7525/ make 
this fairly clear.

Users might be more concerned if the potential impact was more clearly 
identified.

Thanks,

Darrell Ambro CISSP, CSSLP, GWAPT
 
Cyber Security Research Scientist
Technical Lead - Dynamic Application Security Testing
Wells Fargo Cyber Threat Management

