book a demo

Posts in:

Java

QL

Finding Insecure Deserialization in Java

Our security research team discovered insecure deserialization in Java, specifically in an Apache Struts vulnerability. In this tutorial, learn how you can find java deserialization vulnerabilities using Semmle QL.
September 12, 2019
QL

In-memory data grid applications: Finding common Java deserialization vulnerabilities with QL

In-memory data grid applications often make heavy use of serialization to transfer data. Our security researchers look at Java deserialization vulnerabilities in Apache Geode, Red Hat Infinispan, Ignite, and Hazelcast.
September 05, 2019
QL

Insecure Deserialization: Finding Java Vulnerabilities with QL

Deserialization of untrusted data can lead to vulnerabilities that allow an attacker to execute arbitrary code. We can use QL, the query language of LGTM, to find such deserialization vulnerabilities.
July 02, 2019
SECURITY

OGNL Apache Struts exploit: Weaponizing a sandbox bypass (CVE-2018-11776)

November 21, 2018
NEWS

Apache Struts 2: Remote Code Execution Vulnerability

October 04, 2018
QL

Apache Struts double evaluation RCE lottery

October 04, 2018
QL

OGNL injection in Apache Struts: Discovering exploits with taint tracking

September 24, 2018
QL

CVE-2018-11776: How to find 5 RCEs in Apache Struts with Semmle QL

August 22, 2018
QL

CVE-2017-8046 exploit: Remote code execution affecting Pivotal Spring projects

March 01, 2018
QL

Spring Data REST exploit (CVE-2017-8046): Finding a RCE vulnerability with QL

The query language that forms the foundation of LGTM's code analysis makes it very easy to find new security vulnerabilities and variants of it. In this post we look at Spring Data REST, and how QL helped making sure a remote code execution vulnerabi…
March 01, 2018
QL

Android deserialization vulnerabilities: A brief history

This post describes some past Android deserialization vulnerabilities that exploited C++ pointers wrapped inside Java objects. Using a single QL query, we can find the classes responsible for them with great precision.
February 02, 2018
QL

Castor and Hessian java deserialization vulnerabilities

January 17, 2018
QL

XXE attack example using jBoss vulnerability (jBPM) CVE-2017-7545

December 19, 2017
QL

Restlet XXE vulnerability (CVE-2017-14949)

October 17, 2017
QL

Swagger YAML parser vulnerability (CVE-2017-1000207 and CVE-2017-1000208)'

October 11, 2017
QL

Restlet XML External Entity Expansion Vulnerability (CVE-2017-14868)

October 02, 2017
QL

Spring AMQP Exploit (CVE-2017-8045): Remote Code Execution Vulnerability

September 20, 2017
QL

CVE-2017-9805: How QL found a remote code execution vulnerability in Apache Struts

September 05, 2017