...

Accepting tainted inputs from untrusted code can further exacerbate the issue. The single-argument `Class.forName()` method is another example of an API that uses its immediate caller's class loader to load a desired class. Untrusted code can indirectly misuse this API to manufacture classes with the same privileges as those of the immediate caller.
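The following added example (not part of the original page) contrasts a trusted helper that passes a tainted name straight to the single-argument `Class.forName()` with a hardened form. The class `ForNameCallerLoader`, its methods, and the allowlist contents are hypothetical names chosen for illustration.

```java
import java.util.Set;

public class ForNameCallerLoader {
    // Hypothetical allowlist of classes this library agrees to load for callers.
    private static final Set<String> ALLOWED = Set.of(
        "java.util.ArrayList",
        "java.util.HashMap");

    // Noncompliant: the name is tainted, and Class.forName(String) resolves it
    // with the class loader of this class (the immediate caller of forName),
    // not the loader of the code that supplied the name.
    public static Class<?> loadUnchecked(String name)
            throws ClassNotFoundException {
        return Class.forName(name);
    }

    // Hardened: reject names outside the allowlist, resolve with a loader the
    // caller passes explicitly, and do not run static initializers on load.
    public static Class<?> loadChecked(String name, ClassLoader callerLoader)
            throws ClassNotFoundException {
        if (!ALLOWED.contains(name)) {
            throw new SecurityException("class not allowlisted: " + name);
        }
        return Class.forName(name, false, callerLoader);
    }

    public static void main(String[] args) throws Exception {
        ClassLoader loader = Thread.currentThread().getContextClassLoader();

        // Allowlisted name resolves normally.
        System.out.println(loadChecked("java.util.ArrayList", loader));

        // A name outside the allowlist is refused before any class loading.
        try {
            loadChecked("java.lang.Runtime", loader);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The three-argument `Class.forName(String, boolean, ClassLoader)` makes the choice of loader explicit, so a review can see which loader is in use instead of inferring it from the call stack.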

...