Emreefedogan

**Name of the Vulnerable Software and Affected Versions** RELATE versions prior to commit d66ba5659b459bf1ba56b7109b5f9ecf197cbefb **Description** RELATE LMS configures its Celery workers to accept and deserialize untrusted pickle data. Pickle is a Python module used for serializing and deserializing objects. An attacker with access to the message broker can execute arbitrary commands on the host server. Due to missing network isolation in the code execution sandbox, an authenticated student can achieve full Remote Code Execution (RCE) on the host system. **Recommendations** Update to the version containing commit d66ba5659b459bf1ba56b7109b5f9ecf197cbefb.