dmlc/dgl Vulnerable to Remote Code Execution by Pickle Deserialization via rpc.recv_request()
Dgl implements rpc server (start_server() in rpc_server.py) for supporting the RPC communications among different remote users over networks. It relies on pickle serialize and deserialize to pack and unpack network messages. The is a known risk in pickle deserialization functionality that can be used for remote code execution.