It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy.
Add authentication and authorization to any Resteasy endpoint which doesn't define a mime type, or defines a multipart mime type.