...
The untrusted code attempts to acquire a lock on the object's monitor and upon succeeding, introduces an indefinite delay that prevents the synchronized changeValue() method from acquiring the same lock. Note that the attacker intentionally violates CON20CON25-J. Do not perform operations that may block while holding a lock in the untrusted code.
...
A compliant solution must comply with CON12-J. Synchronize access to static fields that may be modified by untrusted code. However, the attacker intentionally violates CON20CON25-J. Do not perform operations that may block while holding a lock in the untrusted code.
...