CVE-2020-20136

Published
View on NVD ↗
CVSS v3
9.8
CRITICAL
CVSS v2
7.5
HIGH
Affected
1
PROJECT

Description

QuantConnect Lean versions from 2.3.0.0 to 2.4.0.1 are affected by an insecure deserialization vulnerability due to insecure configuration of TypeNameHandling property in Json.NET library.

QuantConnect/Lean
QuantConnect/Lean
Lean Algorithmic Trading Engine by QuantConnect (Python, C#)
GitHubGitHub
19.7K