CVE-2009-5015 Information

Description

The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 exposes controller methods even when an @expose decoration is not used which has unspecified impact and attack vectors.

Reference

http://groups.google.com/group/turbogears-announce/msg/09ec26696b1761bb?dmode=source&output=gplain