3 matches found
CVE-2020-20136
QuantConnect Lean versions from 2.3.0.0 to 2.4.0.1 are affected by an insecure deserialization vulnerability due to insecure configuration of TypeNameHandling property in Json.NET library...
CVE-2020-20136
QuantConnect Lean versions from 2.3.0.0 to 2.4.0.1 are affected by an insecure deserialization vulnerability due to insecure configuration of TypeNameHandling property in Json.NET library...
CVE-2020-20136
CVE-2020-20136 affects QuantConnect Lean versions 2.3.0.0 through 2.4.0.1, due to an insecure deserialization vulnerability caused by insecure configuration of TypeNameHandling in Json.NET. The issue is documented across multiple sources (NVD entry, Red Hat advisory, GHSA, OSV) and has high/criti...