Raj-Kumar-Jo

**Name of the Vulnerable Software and Affected Versions** QuantConnect Lean versions 2.3.0.0 through 2.4.0.1 **Description** The issue is related to an insecure deserialization vulnerability due to the insecure configuration of the `TypeNameHandling` property in the Json.NET library. This vulnerability can be mitigated by only running the affected software in an environment where the provided data is trusted. **Recommendations** For QuantConnect Lean versions 2.3.0.0 through 2.4.0.1, consider running the software in a trusted environment to minimize the risk of exploitation. As a temporary workaround, restrict the use of untrusted data in the Json.NET library until a patch is available.