13 matches found
Insecure Deserialization
quantconnect.common is vulnerable to insecure deserialization. The vulnerability is due to insecure configuration of the TypeNameHandling property in the Json.NET library, which allows an attacker to exploit unsafe deserialization of crafted JSON payloads and potentially execute arbitrary code...
EUVD-2022-5652
Malicious code in bioql PyPI...
CVE-2020-20136
QuantConnect Lean versions from 2.3.0.0 to 2.4.0.1 are affected by an insecure deserialization vulnerability due to insecure configuration of TypeNameHandling property in Json.NET library...
Json.NET Security Vulnerabilities
Json.NET is a popular .NET high-performance JSON framework from the individual developer James Newton-King. A security vulnerability exists in Json.NET versions prior to 13.0.1, which stems from an improperly handled exception condition, where data passed to the JsonConvert.DeserializeObject meth...
.NET 6.0 security, bug fix, and enhancement update
An update is available for dotnet6.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. .NET is a managed-software framework. It implements a subset of the .NET...
RHEL 7 : .NET 6.0 (RHSA-2023:0078)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0078 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. N...
Moderate: .NET 6.0 security, bug fix, and enhancement update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.113 and .NET Runtime 6.0.13. The...
CVE-2023-21538
A vulnerability was found in dotnet. This flaw occurs when parsing an empty HTTP response as a JSON.NET JObject that causes a stack overflow and crashes a process...
GHSA-WW7R-278H-48MH QuantConnect Lean vulnerable to insecure deserialization
QuantConnect Lean versions from 2.3.0.0 to 2.4.0.1 are affected by an insecure deserialization vulnerability due to insecure configuration of TypeNameHandling property in Json.NET library. One may avoid this issue by only running Lean in an environment where data provided is trusted...
QuantConnect Lean vulnerable to insecure deserialization
QuantConnect Lean versions from 2.3.0.0 to 2.4.0.1 are affected by an insecure deserialization vulnerability due to insecure configuration of TypeNameHandling property in Json.NET library. One may avoid this issue by only running Lean in an environment where data provided is trusted...
Deserialization of untrusted data
QuantConnect Lean versions from 2.3.0.0 to 2.4.0.1 are affected by an insecure deserialization vulnerability due to insecure configuration of TypeNameHandling property in Json.NET library...
CVE-2020-20136
CVE-2020-20136 affects QuantConnect Lean versions 2.3.0.0 through 2.4.0.1, due to an insecure deserialization vulnerability caused by insecure configuration of TypeNameHandling in Json.NET. The issue is documented across multiple sources (NVD entry, Red Hat advisory, GHSA, OSV) and has high/criti...
.NET advanced code audit (second class): Json.Net deserialization vulnerability - vulnerability warning - the black bar safety net
Newtonsoft.Json is an open-source Json.Net library (official address: https://www.newtonsoft.com/json), a highly efficient .NET library for reading and writing JSON. During development, a lot of data exchange is transmitted in JSON format. While using Json, the...