Homepage

pyblade@0.1.9

PyBlade is a lightweight template engine for Python, initially designed for Django. Inspired by Laravel's Blade and Livewire, it simplifies dynamic template creation with developer-friendly @-based directives and component support, all while prioritizing security.

  • latest version

    0.2.0

  • latest non vulnerable version

    0.1.7

  • first published

    1 years ago

  • latest version published

    4 months ago

  • licenses detected

  • View pyblade package health on Snyk  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the pyblade package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Incomplete Filtering of Special Elements

    PyBlade is a PyBlade is a lightweight template engine for Python, initially designed for Django. Inspired by Laravel's Blade and Livewire, it simplifies dynamic template creation with developer-friendly @-based directives and component support, all while prioritizing security.

    Affected versions of this package are vulnerable to Incomplete Filtering of Special Elements in the _is_safe_ast function in sandbox.py, and eval() function in evaluator.py during AST validation. An attacker can execute arbitrary code and access sensitive information by injecting specially crafted input into the template engine.

    How to fix Incomplete Filtering of Special Elements?

    There is no fixed version for PyBlade.

    [0.1.8,)
    Go back to all versions of this package