Vulnerabilities > Turbogears
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-11-06 | CVE-2009-5015 | Unspecified vulnerability in Turbogears Turbogears2 The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors. | 7.5 |
| 2010-11-06 | CVE-2009-5014 | Cryptographic Issues vulnerability in Turbogears Turbogears2 The default quickstart configuration of TurboGears2 (aka tg2) before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852. | 7.5 |