{
  "schema_version": "1.4.0",
  "id": "GHSA-3x5x-fw77-g54c",
  "modified": "2025-03-05T19:50:09Z",
  "published": "2025-03-05T19:50:09Z",
  "aliases": [],
  "summary": "dmlc/dgl Vulnerable to Remote Code Execution by Pickle Deserialization via rpc.recv_request()",
  "details": "### Impact\nDgl implements rpc server (start_server() in rpc_server.py) for supporting the RPC communications among different remote users over networks. It relies on pickle serialize and deserialize to pack and unpack network messages. The is a known risk in pickle deserialization functionality that can be used for remote code execution.\n\n### Patches\nTBD.\n\n### Workarounds\nWhen running DGL distributed training and inference (DistDGL) make sure you do not assign public IPs to any instance in the cluster.\n\n### References\nIssue #7874\n\n### Reported by\nPinji Chen ([cpj24@mails.tsinghua.edu.cn](mailto:cpj24@mails.tsinghua.edu.cn)) from NISL lab (https://netsec.ccert.edu.cn/about) at Tsinghua University",
  "severity": [
    {
      "type": "CVSS_V4",
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "dgl"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.4.0"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/dmlc/dgl/security/advisories/GHSA-3x5x-fw77-g54c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dmlc/dgl/issues/7874"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/dmlc/dgl"
    }
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-05T19:50:09Z",
    "nvd_published_at": null
  }
}