JacksonJsonpInterceptor in RESTEasy might allow remote malicious users to conduct a cross-site script inclusion (XSSI) attack.
redhat resteasy -