Deserialization of Untrusted Data
QuantConnect Lean versions from 2.3.0.0 to 2.4.0.1 are affected by an insecure deserialization vulnerability due to insecure configuration of TypeNameHandling property in Json.NET library.
Advisories for Nuget/QuantConnect.Common package
2022