• Billion Laughs attack via alias https://en.wikipedia.org/wiki/Billion_laughs_attack - SnakeYAML me tha
• ReDos - regular expression DOS
• RCE via data binding
• triggering infinite loops
• memory allocations
• https://www.hertzbleed.com/