Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionGitHub Advisory
RELATE is a web-based courseware package. Prior to commit d66ba5659b459bf1ba56b7109b5f9ecf197cbefb, RELATE LMS configures its Celery workers to accept and deserialize untrusted 'pickle' data. An attacker who can reach the message broker can execute arbitrary commands on the host server. Combined with missing network isolation in the code execution sandbox, this allows an authenticated student to achieve full Remote Code Execution (RCE) on the host system. Commit d66ba5659b459bf1ba56b7109b5f9ecf197cbefb fixes the issue.
AnalysisAI
Remote code execution in RELATE LMS (the inducer/relate web courseware platform) stems from its Celery task queue being configured to accept and unpickle untrusted messages (CELERY_ACCEPT_CONTENT included "pickle"). Because the code-execution sandbox lacks network isolation, an authenticated student can reach the message broker and deliver a malicious pickle payload that the worker deserializes, yielding arbitrary command execution on the host. No public exploit identified at time of analysis; the issue is corrected in commit d66ba5659b459bf1ba56b7109b5f9ecf197cbefb.
Technical ContextAI
RELATE is a Django-based learning management and courseware system that offloads asynchronous work to Celery workers backed by a message broker (typically Redis or RabbitMQ). The root cause is CWE-502 (Deserialization of Untrusted Data): the setting CELERY_ACCEPT_CONTENT was ["pickle", "json"], allowing workers to accept Python pickle-serialized messages. Pickle deserialization is inherently unsafe because crafted pickle streams can invoke arbitrary callables (e.g., via __reduce__) during loading, turning any party who can place messages on the broker into a code executor. The affected component per CPE is cpe:2.3:a:inducer:relate, and the fix narrows accepted content types to JSON only, eliminating the dangerous pickle deserialization path.
RemediationAI
Upstream fix available (commit); released patched version not independently confirmed - update RELATE to a build that includes commit d66ba5659b459bf1ba56b7109b5f9ecf197cbefb (https://github.com/inducer/relate/commit/d66ba5659b459bf1ba56b7109b5f9ecf197cbefb), which sets CELERY_ACCEPT_CONTENT to ["json"] only, and review the advisory GHSA-4mwh-mwv4-m252 for guidance. If you cannot deploy immediately, the highest-value compensating control is to override CELERY_ACCEPT_CONTENT to ["json"] in your own settings (and ensure task producers serialize with JSON), which directly removes the pickle deserialization path with the side effect of breaking any task that relied on pickle-only payloads such as complex Python objects. Additionally, restore network isolation around the code-execution sandbox so student-submitted code cannot reach the broker host/port, and place the Celery broker (Redis/RabbitMQ) on an isolated network segment with authentication enabled and firewall rules blocking access from sandbox and untrusted networks; the trade-off is added deployment complexity and the need to verify legitimate workers retain connectivity.
An issue in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to t
Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows a remote attacker to execut
Timing attack vulnerability in RELATE's authentication module allows remote unauthenticated attackers to infer valid sig
Predictable token generation in RELATE courseware allows remote attackers to forge authentication and exam access tokens
Cross Site Scripting vulnerability in inducer relate before v.2024.1 allows a remote attacker to escalate privileges via
Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1, allows remote attackers to execut
Same weakness CWE-502 – Deserialization of Untrusted Data
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32628