
Using QL to find a remote code execution vulnerability in Apache Struts - mossity
https://lgtm.com/blog/apache_struts_CVE-2017-9805
======
mossity
Reading about CVE-2017-9805, it was really interesting to learn that the
company that discovered it was using a Datalog-like language in order to query
Java code for vulnerability patterns.

https://en.wikipedia.org/wiki/Semmle

