CVE-2017-5638
2 field notes · 0 digests
Field notes
Analysis · Jun 18, 2026 · Colten Anderson
Two Struts CVEs, one incomplete fix, and the enterprise Java visibility problem
CVE-2023-50164 and CVE-2024-53677 hit the same file upload component in Apache Struts, a year apart. The second arrived because the fix for the first didn't go far enough. The real exposure is organizations that don't know where Struts lives in their stack.
Analysis · May 1, 2026 · Colten Anderson
The feedback loop is broken
Executives keep making the same categories of bad IT decisions because the consequences land on operators, not decision-makers. The pattern is structural, not accidental.