JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site scrip inclusion (XSSI) attack.