CVE-2020-20136: QuantConnect Lean vulnerable to insecure deserialization

Severity: Critical

CVSS Score: 9.8

QuantConnect Lean versions from 2.3.0.0 to 2.4.0.1 are affected by an insecure deserialization vulnerability due to insecure configuration of TypeNameHandling property in Json.NET library.