...
Additionally, hostile code from any other package can exploit this vulnerability if the class is accessible. (For more information, see CON04CON07-J. Use private final lock objects to synchronize classes that may interact with untrusted code.)
...
For more information on using an Object as a lock, see CON04CON07-J. Use private final lock objects to synchronize classes that may interact with untrusted code.
...