# Apache Struts CVE-2018-11776

[Blog post](https://github.blog/category/security/apache-struts-CVE-2018-11776/)

[This snapshot](https://github.com/github/securitylab/releases/download/apache-struts-CVE-2018-11776-codeql-database/apache-struts-7fd1622-CVE-2018-11776.zip) has the bug.

The queries in this directory are slightly simplified to make the demo easier to follow. As a result, they don't find as many variants as the query described in the blog post. The full query can be found [here](https://github.com/Semmle/SecurityQueries/blob/e5c2be7d5eec46cd5a4a8ebdbe8cb63be2e36665/semmle-security-java/queries/struts/cve_2018_11776/final.ql).

# Suggested workflow

* First run the [final query](https://github.com/Semmle/SecurityQueries/blob/e5c2be7d5eec46cd5a4a8ebdbe8cb63be2e36665/semmle-security-java/queries/struts/cve_2018_11776/final.ql).
** Show the result in the path viewer.
* Show how to build a similar query step by step.
** We will build a slightly simplified version of the query, so it won't find as many results, but it still finds one of the RCEs.