The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Turbogears2 | Turbogears | * | 2.1b2 (including) |
| Turbogears2 | Turbogears | 1.9.7a2 (including) | 1.9.7a2 (including) |
| Turbogears2 | Turbogears | 1.9.7a3 (including) | 1.9.7a3 (including) |
| Turbogears2 | Turbogears | 1.9.7a4 (including) | 1.9.7a4 (including) |
| Turbogears2 | Turbogears | 1.9.7b1 (including) | 1.9.7b1 (including) |
| Turbogears2 | Turbogears | 1.9.7b2 (including) | 1.9.7b2 (including) |
| Turbogears2 | Turbogears | 2.0-rc1 (including) | 2.0-rc1 (including) |
| Turbogears2 | Turbogears | 2.0.1 (including) | 2.0.1 (including) |
| Turbogears2 | Turbogears | 2.0b1 (including) | 2.0b1 (including) |
| Turbogears2 | Turbogears | 2.0b2 (including) | 2.0b2 (including) |
| Turbogears2 | Turbogears | 2.0b3 (including) | 2.0b3 (including) |
| Turbogears2 | Turbogears | 2.0b4 (including) | 2.0b4 (including) |
| Turbogears2 | Turbogears | 2.0b5 (including) | 2.0b5 (including) |
| Turbogears2 | Turbogears | 2.0b6 (including) | 2.0b6 (including) |
| Turbogears2 | Turbogears | 2.0b7 (including) | 2.0b7 (including) |
| Turbogears2 | Turbogears | 2.1a1 (including) | 2.1a1 (including) |
| Turbogears2 | Turbogears | 2.1a2 (including) | 2.1a2 (including) |
| Turbogears2 | Turbogears | 2.1a3 (including) | 2.1a3 (including) |
| Turbogears2 | Turbogears | 2.1b1 (including) | 2.1b1 (including) |
| Turbogears2 | Ubuntu | upstream | * |