### Key Information Summary - **Vulnerability Type**: Unsafe YAML Deserialization - **Impact Scope**: Arbitrary code execution occurs when a maliciously crafted YAML file exists in the same directory as PyDrive2 runs, or when loaded via `LoadSettingsFile`. - **Affected Versions**: 1.17.0, <= 1.16.1 - **Fixed Version**: 1.16.2 - **CVE ID**: CVE-2023-49297 - **CVSS v3 Score**: 3.3/10 (Low) - **Security Level**: Low - **Attack Vector**: Local - **Attack Complexity**: Low - **Required Privileges**: None - **User Interaction**: Required - **Scope**: Unchanged - **Confidentiality Impact**: Low - **Integrity Impact**: None - **Availability Impact**: None - **Weakness**: CWE-502 ### Core Code Issue ```python from yaml import CLoader as Loader def LoadSettingsFile(filename=SETTINGS_FILE): ... try: with open(filename) as stream: data = load(stream, Loader=Loader) ... ``` **Issue**: Uses the insecure `CLoader` loader, which allows arbitrary Python code embedded in YAML files to be executed. ### Proof of Concept (PoC) 1. Create a malicious `settings.yaml` file containing arbitrary code. 2. Initialize a `GoogleAuth` object. 3. Execute the code in the same directory as the malicious YAML file — the code within the YAML file will be automatically executed. ### Impact This deserialization attack affects any user who initializes a `GoogleAuth` object, provided a malicious YAML file exists in the same directory. Since the risk does not require direct code-based file loading, the mere presence of the file introduces additional risk.