Turbogears2
by Turbogears
CVEs (2)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2009-5015 | 0.00 | — | 0.00 | Nov 6, 2010 | The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors. | ||
| CVE-2009-5014 | 0.00 | — | 0.00 | Nov 6, 2010 | The default quickstart configuration of TurboGears2 (aka tg2) before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852. |
- CVE-2009-5015Nov 6, 2010risk 0.00cvss —epss 0.00
The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors.
- CVE-2009-5014Nov 6, 2010risk 0.00cvss —epss 0.00
The default quickstart configuration of TurboGears2 (aka tg2) before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852.