
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
The vulnerability (GHSA-3x5x-fw77-g54c) affects dmlc/dgl, a deep learning library, and is a Remote Code Execution flaw caused by Pickle deserialization in the rpc.recv_request() function. The issue was discovered and reported by Pinji Chen from the NISL lab at Tsinghua University and was published on March 5, 2025. It affects all versions up to and including 2.4.0, and no patched versions are currently available (GitHub Advisory).
The vulnerability exists in the RPC server implementation (start_server() in rpc_server.py), which handles RPC communication between remote participants over the network. The core issue is the rpc.recv_request() function, which calls recv_rpc_message() and deserialize_from_payload() and ultimately uses pickle.loads() to deserialize received messages without validating their contents. The vulnerability has been assigned a CVSS v4.0 score of 8.9 (High), with base metrics indicating Network attack vector, Low attack complexity, and No privileges required (GitHub Advisory).
The vulnerability allows attackers to execute arbitrary code on the victim's machine through the RPC server. When successfully exploited, it can lead to complete system compromise with high impact on confidentiality, integrity, and availability of the vulnerable system (GitHub Advisory, GitHub Issue).
As a temporary workaround, users running DGL distributed training and inference (DistDGL) should ensure that no public IPs are assigned to any instance in the cluster. Additional recommended mitigations include sanitizing RPCMessage.data before pickle.loads, using more secure deserialization methods such as safetensor or msgpack, enabling authentication in RPC services, and implementing warnings when using pickle to load data over the network (GitHub Advisory, GitHub Issue).
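The following added example is not DGL code; it illustrates two of the mitigations listed above in a minimal form: authenticate the RPC message before it ever reaches pickle, and restrict what the unpickler is allowed to rebuild. The shared key, the allowlist and the `seal`/`receive` helpers are constructed for this illustration.

```python
import collections
import hashlib
import hmac
import io
import pickle

# Constructed shared secret for the example; a real cluster would provision
# one out of band rather than hard-coding it.
SHARED_KEY = b"constructed-example-key"
TAG_LEN = hashlib.sha256().digest_size

# Allowlist of (module, name) globals the receiver may resolve. Keep it to
# plain data containers; never allowlist callables that can run code.
ALLOWED_GLOBALS = {
    ("builtins", "dict"), ("builtins", "list"), ("builtins", "tuple"),
    ("builtins", "set"), ("builtins", "frozenset"),
}

class RestrictedUnpickler(pickle.Unpickler):
    """pickle.Unpickler that refuses any global outside ALLOWED_GLOBALS."""
    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"forbidden global {module}.{name}")
        return super().find_class(module, name)

def seal(key: bytes, payload: bytes) -> bytes:
    """Prefix the serialized payload with an HMAC-SHA256 tag (sender side)."""
    return hmac.new(key, payload, hashlib.sha256).digest() + payload

def receive(key: bytes, message: bytes):
    """Authenticate first, then deserialize under the allowlist.
    Returns ("ok", obj), ("unauthenticated", None) or ("forbidden", reason)."""
    tag, payload = message[:TAG_LEN], message[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return ("unauthenticated", None)  # pickle is never invoked on it
    try:
        return ("ok", RestrictedUnpickler(io.BytesIO(payload)).load())
    except pickle.UnpicklingError as exc:
        return ("forbidden", str(exc))

def demo():
    """Three constructed messages: a legitimate request, one that names a
    global outside the allowlist, and one whose tag no longer matches."""
    good = seal(SHARED_KEY, pickle.dumps({"rank": 0, "op": "shutdown"}))
    # collections.OrderedDict is harmless, but it is not allowlisted, so the
    # receiver rejects it exactly as it would any other unknown global.
    unknown = seal(SHARED_KEY, pickle.dumps(collections.OrderedDict(a=1)))
    tampered = good[:-1] + bytes([good[-1] ^ 0x01])
    return receive(SHARED_KEY, good), receive(SHARED_KEY, unknown), receive(SHARED_KEY, tampered)
```

The order matters: the HMAC check runs before any byte of the payload is handed to pickle, so an unauthenticated sender never reaches the deserializer at all, and the allowlist is the second line of defense for messages from a legitimate but compromised peer.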
Source: This report was generated using AI