Vulnerabilities (CVE)

Filtered by vendor Turbogears Subscribe
Filtered by product Turbogears2
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-5015 1 Turbogears 1 Turbogears2 2024-11-21 7.5 HIGH N/A
The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors.
CVE-2009-5014 1 Turbogears 1 Turbogears2 2024-11-21 7.5 HIGH N/A
The default quickstart configuration of TurboGears2 (aka tg2) before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852.