CVE-2021-40829

Published
View on NVD ↗
CVSS v3
6.3
MEDIUM
CVSS v2
5.8
MEDIUM
Affected
5
PROJECTS

Description

Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.4.2), Python (versions prior to 1.6.1), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on MacOS. This issue has been addressed in aws-c-io submodule versions 0.10.5 onward. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.4.2 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.6.1 on macOS. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.12.7 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.5.3 on macOS. Amazon Web Services AWS-C-IO 0.10.4 on macOS.

aws/aws-iot-device-sdk-js-v2
aws/aws-iot-device-sdk-js-v2
Next generation AWS IoT Client SDK for Node.js using the AWS Common Runtime
GitHubGitHub
240
awslabs/aws-c-io
awslabs/aws-c-io
This is a module for the AWS SDK for C. It handles all IO and TLS work for application protocols.
GitHubGitHub
133
aws/aws-iot-device-sdk-python-v2
aws/aws-iot-device-sdk-python-v2
Next generation AWS IoT Client SDK for Python using the AWS Common Runtime
GitHubGitHub
446
aws/aws-iot-device-sdk-cpp-v2
aws/aws-iot-device-sdk-cpp-v2
Next generation AWS IoT Client SDK for C++ using the AWS Common Runtime
GitHubGitHub
208
aws/aws-iot-device-sdk-java-v2
aws/aws-iot-device-sdk-java-v2
Next generation AWS IoT Client SDK for Java using the AWS Common Runtime
GitHubGitHub
136