Turbogears Turbogears2 — known CVE vulnerabilities
Every CVE whose affected-product data names Turbogears Turbogears2, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2009-5014 — CVSS 7.5 (high): The default quickstart configuration of TurboGears2 (aka tg2) before 2.0.2 has a weak cookie salt, which makes it easier for remote…
CVE-2009-5015 — CVSS 7.5 (high): The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 exposes controller methods even when an @expose decoration is not used…