Ejedev

**Name of the Vulnerable Software and Affected Versions** PyDrive2 versions prior to 1.16.2 **Description** PyDrive2 is a wrapper library of google-api-python-client that simplifies many common Google Drive API V2 tasks. Unsafe YAML deserialization will result in arbitrary code execution. A maliciously crafted YAML file can cause arbitrary code execution if PyDrive2 is run in the same directory as it, or if it is loaded in via `LoadSettingsFile`. This is a deserialization attack that will affect any user who initializes GoogleAuth from this package while a malicious yaml file is present in the same directory. This vulnerability does not require the file to be directly loaded through the code, only present. **Recommendations** For versions prior to 1.16.2, upgrade to release version 1.16.2 to address the issue. As a temporary workaround, consider avoiding the use of `LoadSettingsFile` or ensuring that no malicious YAML files are present in the same directory as the PyDrive2 execution. Restrict access to the `settings.yaml` file to minimize the risk of exploitation. Avoid using the `CLoader` from the `yaml` library to load user-supplied files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** raptor-web version 0.4.4 **Description** The issue is a reflected cross-site scripting vulnerability in raptor-web, a CMS for game server communities. It allows an attacker to craft a malicious URL that, when clicked by a victim, can execute arbitrary code. The vulnerability is due to a user-controlled URL parameter being loaded into an internal template with autoescape disabled. Any victim who clicks on a maliciously crafted link will be affected. **Recommendations** For version 0.4.4, update to version 0.4.4.1 to resolve the issue. As a temporary workaround, consider restricting access to user-controlled URL parameters until the update can be applied.