...
Untrusted code that has the ability to create an instance of the class or has access to an already created instance can invoke the wait() method on the publicly accessible lock. This causes the lock in the changeValue() method to be released immediately. Furthermore, if the method invokes lock.wait() from its body and does not test a condition predicate, it will be vulnerable to malicious notifications. (See CON18CON22-J. Always invoke wait() and await() methods inside a loop for more information.)
...