[oss-security] CVE-2025-48734: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default
https://www.openwall.com/lists/oss-security/2025/05/28/6I wonder if the now restricted behavior is useful for
#deserialization gadgets (I couldn't find references to declaredClass abuse, but haven't finished my coffee yet either...)?