...
In this noncompliant code snippet, the private field `i` of class `C` can be accessed from class `ReflectionExample`. The method `makeAccessible` accepts `fieldName` as input, which can be supplied by untrusted code. This is dangerous because, even though the untrusted code lacks the capabilities of the immediate caller, it is nevertheless able to carry out a sensitive operation: it can choose which private field has its accessibility lifted.
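The following is an added illustration of the pattern described above; it is not the page's own noncompliant snippet or its compliant solution. The class `C`, the field `i`, the helper `makeAccessible(String)`, the hardened `ReflectionExampleHardened` class, its allowlist and the sample input are all assumptions made for this example. The noncompliant helper hands back a `Field` whose access checks have been suppressed for whatever name the caller supplied; the hardened variant never lets the caller pick the field, returns only a copied value rather than the `Field` object, and restores accessibility when it is done.

```java
import java.lang.reflect.Field;
import java.util.Set;

// Hypothetical class with private state (assumption for this example).
class C {
    private int i = 3;
    int getI() { return i; }
}

// Noncompliant pattern as the text describes it: a caller-chosen field name
// is used to suppress access checks, and the resulting Field is exposed.
class ReflectionExampleNoncompliant {
    public static Field makeAccessible(String fieldName) throws ReflectiveOperationException {
        Field f = C.class.getDeclaredField(fieldName);   // any field the caller names
        f.setAccessible(true);                            // Java access control lifted
        return f;                                         // caller may now read/write it
    }
}

// Hardened variant (assumption, not the page's compliant solution).
class ReflectionExampleHardened {
    // Fixed, reviewed set of fields this API is willing to read.
    private static final Set<String> READABLE = Set.of("i");

    // Returns a copy of the value only; the Field object never leaves this class.
    public static int readInt(C target, String fieldName) throws ReflectiveOperationException {
        if (!READABLE.contains(fieldName)) {
            throw new IllegalArgumentException("field not permitted: " + fieldName);
        }
        Field f = C.class.getDeclaredField(fieldName);
        f.setAccessible(true);
        try {
            return f.getInt(target);
        } finally {
            f.setAccessible(false);   // do not leave the field accessible afterwards
        }
    }
}

public class ReflectionDemo {
    public static void main(String[] args) throws Exception {
        C c = new C();
        String untrustedFieldName = "i";   // constructed input standing in for caller data

        // Noncompliant path: untrusted code ends up able to modify private state.
        Field f = ReflectionExampleNoncompliant.makeAccessible(untrustedFieldName);
        f.setInt(c, 42);
        System.out.println("after noncompliant access, c.i = " + c.getI());   // 42

        // Hardened path: value is readable, but only for an allowlisted name,
        // and the caller never obtains a writable Field.
        System.out.println("hardened read of i = " + ReflectionExampleHardened.readInt(c, "i"));
        try {
            ReflectionExampleHardened.readInt(c, "someOtherField");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The important difference is not the allowlist alone but that the hardened class never returns the `Field` and never leaves `setAccessible(true)` in effect, so no capability to bypass access control escapes to the caller.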
...