VYPR
← All advisories
Unrated severityNVD Advisory· Published Nov 6, 2010· Updated Apr 29, 2026

CVE-2009-5015

CVE-2009-5015

Description

The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors.

Affected products

19
  • Turbogears/Turbogears219 versions
    cpe:2.3:a:turbogears:turbogears2:*:*:*:*:*:*:*:*+ 18 more
    • cpe:2.3:a:turbogears:turbogears2:*:*:*:*:*:*:*:*range: <=2.1b2
    • cpe:2.3:a:turbogears:turbogears2:1.9.7a2:*:*:*:*:*:*:*
    • cpe:2.3:a:turbogears:turbogears2:1.9.7a3:*:*:*:*:*:*:*
    • cpe:2.3:a:turbogears:turbogears2:1.9.7a4:*:*:*:*:*:*:*
    • cpe:2.3:a:turbogears:turbogears2:1.9.7b1:*:*:*:*:*:*:*
    • cpe:2.3:a:turbogears:turbogears2:1.9.7b2:*:*:*:*:*:*:*
    • cpe:2.3:a:turbogears:turbogears2:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:turbogears:turbogears2:2.0b1:*:*:*:*:*:*:*
    • cpe:2.3:a:turbogears:turbogears2:2.0b2:*:*:*:*:*:*:*
    • cpe:2.3:a:turbogears:turbogears2:2.0b3:*:*:*:*:*:*:*
    • cpe:2.3:a:turbogears:turbogears2:2.0b4:*:*:*:*:*:*:*
    • cpe:2.3:a:turbogears:turbogears2:2.0b5:*:*:*:*:*:*:*
    • cpe:2.3:a:turbogears:turbogears2:2.0b6:*:*:*:*:*:*:*
    • cpe:2.3:a:turbogears:turbogears2:2.0b7:*:*:*:*:*:*:*
    • cpe:2.3:a:turbogears:turbogears2:2.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:turbogears:turbogears2:2.1a1:*:*:*:*:*:*:*
    • cpe:2.3:a:turbogears:turbogears2:2.1a2:*:*:*:*:*:*:*
    • cpe:2.3:a:turbogears:turbogears2:2.1a3:*:*:*:*:*:*:*
    • cpe:2.3:a:turbogears:turbogears2:2.1b1:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.