Comment: changed NCE var names to match the described vuln in Jetty

...

The class object being synchronized must not be accessible to hostile code. If the class is package-private, external packages cannot access its Class object, so it can be trusted as an intrinsic lock object. For more information, see CON04-J, "Synchronize using an internal private lock object," and prefer that idiom to locking on the object's intrinsic lock.
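The following is an added illustration, not code from the CERT page itself: it contrasts a package-private class, whose Class object outside code cannot name, with a public class that must fall back on the private-lock idiom. The package and class names are assumptions chosen for the example.

```java
// Added example: hypothetical package and class names.
package example;

// Package-private: code outside this package cannot refer to
// PackagePrivateCounter.class, so using the Class object as the lock
// is acceptable here, as the rule text explains.
final class PackagePrivateCounter {
    private static int count;

    static int next() {
        // Equivalent to declaring next() as 'static synchronized'.
        synchronized (PackagePrivateCounter.class) {
            return ++count;
        }
    }
}

// Public: any caller can write 'synchronized (PublicCounter.class)' and
// hold that lock indefinitely, starving next(). A private lock object
// that nothing outside the class can reach removes that exposure.
public final class PublicCounter {
    private static final Object LOCK = new Object(); // internal private lock
    private static int count;

    public static int next() {
        synchronized (LOCK) {
            return ++count;
        }
    }
}
```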

Compliant Solution (Class.forName())

...