...
Additionally, hostile code from any other package can exploit this vulnerability, if the class is accessible. (For more information, see guideline rule LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code.)
...
For more information on using an Object as a lock, see guideline rule LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code.
...
Any vulnerabilities resulting from the violation of this guideline rule are listed on the CERT website.
...