An attacker supplies a value to the target application which is then used
						by reflection methods to identify a class, method, or field. For example, in
						the Java programming language the reflection libraries permit an application
						to inspect, load, and invoke classes and their components by name. If an
						attacker can control the input into these methods including the name of the
						class/method/field or the parameters passed to methods, they can cause the
						targeted application to invoke incorrect methods, read random fields, or
						even to load and utilize malicious classes that the attacker created. This
						can lead to the application revealing sensitive information, returning
						incorrect results, or even having the attacker take control of the targeted
						application.