VYPR

Aws IoT Device Sdk V2 For Node.js

by Amazon

CVEs (4)

  • CVE-2021-40831Nov 22, 2021
    risk 0.00cvss epss 0.01

    The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation is also not enabled when the CA has been “overridden”. TLS handshakes will…

  • CVE-2021-40830Nov 22, 2021
    risk 0.00cvss epss 0.00

    The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the…

  • CVE-2021-40829Nov 22, 2021
    risk 0.00cvss epss 0.00

    Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.4.2), Python (versions prior to 1.6.1), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did not verify server certificate hostname during TLS handshake when overriding…

  • CVE-2021-40828Nov 22, 2021
    risk 0.00cvss epss 0.00

    Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.3.3), Python (versions prior to 1.5.18), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.1) did not verify server certificate hostname during TLS handshake when overriding…