Lookup for vulnerable packages by Package URL.

Purl pkg:npm/aws-iot-device-sdk-v2@1.3.0
Type npm
Namespace
Name aws-iot-device-sdk-v2
Version 1.3.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.6.0
Latest_non_vulnerable_version 1.6.0
Affected_by_vulnerabilities
0
url VCID-47jf-z44j-9ues
vulnerability_id VCID-47jf-z44j-9ues
summary The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user-supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store. Attackers who have access to a host’s trust stores, or who are able to compromise a certificate authority already in the host's trust store (note: the attacker must also be able to spoof DNS in this case), may be able to use this issue to bypass CA pinning. An attacker could then spoof the MQTT broker, and drop traffic and/or respond with the attacker's data, but they would not be able to forward this data on to the MQTT broker because the attacker would still need the user's private keys to authenticate against the MQTT broker. The 'aws_tls_ctx_options_override_default_trust_store_*' function within the aws-c-io submodule has been updated to override the default trust store. This corrects this issue. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.5.0 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.6.1 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.12.7 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.5.3 on Linux/Unix. Amazon Web Services AWS-C-IO 0.10.4 on Linux/Unix.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-40830
reference_id
reference_type
scores
0
value 0.00103
scoring_system epss
scoring_elements 0.27693
published_at 2026-06-04T12:55:00Z
1
value 0.00103
scoring_system epss
scoring_elements 0.27629
published_at 2026-06-09T12:55:00Z
2
value 0.00103
scoring_system epss
scoring_elements 0.27622
published_at 2026-06-08T12:55:00Z
3
value 0.00103
scoring_system epss
scoring_elements 0.27671
published_at 2026-06-07T12:55:00Z
4
value 0.00103
scoring_system epss
scoring_elements 0.27709
published_at 2026-06-06T12:55:00Z
5
value 0.00103
scoring_system epss
scoring_elements 0.27761
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-40830
1
reference_url https://github.com/advisories/GHSA-c4rh-4376-gff4
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-c4rh-4376-gff4
2
reference_url https://github.com/aws/aws-iot-device-sdk-cpp-v2
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-iot-device-sdk-cpp-v2
3
reference_url https://github.com/aws/aws-iot-device-sdk-java-v2
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-iot-device-sdk-java-v2
4
reference_url https://github.com/aws/aws-iot-device-sdk-java-v2/commit/67950ad2a02f2f9355c310b69dc9226b017f32f2
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-iot-device-sdk-java-v2/commit/67950ad2a02f2f9355c310b69dc9226b017f32f2
5
reference_url https://github.com/aws/aws-iot-device-sdk-js-v2
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-iot-device-sdk-js-v2
6
reference_url https://github.com/aws/aws-iot-device-sdk-js-v2/commit/53a36e3ac203291494120604d416b6de59177cac
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-iot-device-sdk-js-v2/commit/53a36e3ac203291494120604d416b6de59177cac
7
reference_url https://github.com/aws/aws-iot-device-sdk-python-v2
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-iot-device-sdk-python-v2
8
reference_url https://github.com/aws/aws-iot-device-sdk-python-v2/commit/0450ce68add7e3d05c6d781ecdac953c299c053a
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-iot-device-sdk-python-v2/commit/0450ce68add7e3d05c6d781ecdac953c299c053a
9
reference_url https://github.com/awslabs/aws-c-io
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/awslabs/aws-c-io
10
reference_url https://github.com/awslabs/aws-c-io/
reference_id
reference_type
scores
url https://github.com/awslabs/aws-c-io/
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/awsiotsdk/PYSEC-2021-863.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/awsiotsdk/PYSEC-2021-863.yaml
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-40830
reference_id CVE-2021-40830
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-40830
fixed_packages
0
url pkg:npm/aws-iot-device-sdk-v2@1.5.3
purl pkg:npm/aws-iot-device-sdk-v2@1.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vghg-1a3a-5qd7
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/aws-iot-device-sdk-v2@1.5.3
aliases CVE-2021-40830, GHSA-c4rh-4376-gff4, PYSEC-2021-863
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-47jf-z44j-9ues
1
url VCID-58st-qenz-5kgj
vulnerability_id VCID-58st-qenz-5kgj
summary Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.4.2), Python (versions prior to 1.6.1), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did not verify the server certificate hostname during the TLS handshake when overriding Certificate Authorities (CA) in their trust stores on macOS. This issue has been addressed in aws-c-io submodule versions 0.10.5 onward. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.4.2 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.6.1 on macOS. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.12.7 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.5.3 on macOS. Amazon Web Services AWS-C-IO 0.10.4 on macOS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-40829
reference_id
reference_type
scores
0
value 0.00102
scoring_system epss
scoring_elements 0.27529
published_at 2026-06-04T12:55:00Z
1
value 0.00102
scoring_system epss
scoring_elements 0.27464
published_at 2026-06-09T12:55:00Z
2
value 0.00102
scoring_system epss
scoring_elements 0.27457
published_at 2026-06-08T12:55:00Z
3
value 0.00102
scoring_system epss
scoring_elements 0.27507
published_at 2026-06-07T12:55:00Z
4
value 0.00102
scoring_system epss
scoring_elements 0.27545
published_at 2026-06-06T12:55:00Z
5
value 0.00102
scoring_system epss
scoring_elements 0.27595
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-40829
1
reference_url https://github.com/advisories/GHSA-743r-5g92-5vgf
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-743r-5g92-5vgf
2
reference_url https://github.com/aws/aws-iot-device-sdk-cpp-v2
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-iot-device-sdk-cpp-v2
3
reference_url https://github.com/aws/aws-iot-device-sdk-java-v2
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-iot-device-sdk-java-v2
4
reference_url https://github.com/aws/aws-iot-device-sdk-java-v2/commits/v1.4.2
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-iot-device-sdk-java-v2/commits/v1.4.2
5
reference_url https://github.com/aws/aws-iot-device-sdk-js-v2
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-iot-device-sdk-js-v2
6
reference_url https://github.com/aws/aws-iot-device-sdk-python-v2
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-iot-device-sdk-python-v2
7
reference_url https://github.com/awslabs/aws-c-io
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/awslabs/aws-c-io
8
reference_url https://github.com/awslabs/aws-c-io/
reference_id
reference_type
scores
url https://github.com/awslabs/aws-c-io/
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/awsiotsdk/PYSEC-2021-862.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/awsiotsdk/PYSEC-2021-862.yaml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-40829
reference_id CVE-2021-40829
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-40829
fixed_packages
0
url pkg:npm/aws-iot-device-sdk-v2@1.5.3
purl pkg:npm/aws-iot-device-sdk-v2@1.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vghg-1a3a-5qd7
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/aws-iot-device-sdk-v2@1.5.3
aliases CVE-2021-40829, GHSA-743r-5g92-5vgf, PYSEC-2021-862
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-58st-qenz-5kgj
2
url VCID-vghg-1a3a-5qd7
vulnerability_id VCID-vghg-1a3a-5qd7
summary The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user-supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation is not enabled when the CA has been “overridden”. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store. Attackers who have access to a host’s trust stores, or who are able to compromise a certificate authority already in the host's trust store (note: the attacker must also be able to spoof DNS in this case), may be able to use this issue to bypass CA pinning. An attacker could then spoof the MQTT broker, and drop traffic and/or respond with the attacker's data, but they would not be able to forward this data on to the MQTT broker because the attacker would still need the user's private keys to authenticate against the MQTT broker. The 'aws_tls_ctx_options_override_default_trust_store_*' function within the aws-c-io submodule has been updated to address this behavior. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.5.0 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.7.0 on macOS. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.14.0 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.6.0 on macOS. Amazon Web Services AWS-C-IO 0.10.7 on macOS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-40831
reference_id
reference_type
scores
0
value 0.00278
scoring_system epss
scoring_elements 0.5141
published_at 2026-06-04T12:55:00Z
1
value 0.00278
scoring_system epss
scoring_elements 0.51443
published_at 2026-06-09T12:55:00Z
2
value 0.00278
scoring_system epss
scoring_elements 0.51422
published_at 2026-06-08T12:55:00Z
3
value 0.00278
scoring_system epss
scoring_elements 0.51456
published_at 2026-06-07T12:55:00Z
4
value 0.00278
scoring_system epss
scoring_elements 0.51477
published_at 2026-06-06T12:55:00Z
5
value 0.00278
scoring_system epss
scoring_elements 0.51471
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-40831
1
reference_url https://github.com/advisories/GHSA-j3f7-7rmc-6wqj
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-j3f7-7rmc-6wqj
2
reference_url https://github.com/aws/aws-iot-device-sdk-cpp-v2
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-iot-device-sdk-cpp-v2
3
reference_url https://github.com/aws/aws-iot-device-sdk-java-v2
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-iot-device-sdk-java-v2
4
reference_url https://github.com/aws/aws-iot-device-sdk-java-v2/commit/46375e9b1bfb34109b9ff3b1eff9c770f9daa186
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-iot-device-sdk-java-v2/commit/46375e9b1bfb34109b9ff3b1eff9c770f9daa186
5
reference_url https://github.com/aws/aws-iot-device-sdk-js-v2
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-iot-device-sdk-js-v2
6
reference_url https://github.com/aws/aws-iot-device-sdk-js-v2/commit/22f1989f5bdb0bdd9c912a5a2d255ee6c0854f68
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-iot-device-sdk-js-v2/commit/22f1989f5bdb0bdd9c912a5a2d255ee6c0854f68
7
reference_url https://github.com/aws/aws-iot-device-sdk-python-v2
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-iot-device-sdk-python-v2
8
reference_url https://github.com/aws/aws-iot-device-sdk-python-v2/commit/5aef82573202309063eb540b72cee0e565f85a2d
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-iot-device-sdk-python-v2/commit/5aef82573202309063eb540b72cee0e565f85a2d
9
reference_url https://github.com/awslabs/aws-c-io
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/awslabs/aws-c-io
10
reference_url https://github.com/awslabs/aws-c-io/
reference_id
reference_type
scores
url https://github.com/awslabs/aws-c-io/
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/awsiotsdk/PYSEC-2021-864.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/awsiotsdk/PYSEC-2021-864.yaml
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-40831
reference_id CVE-2021-40831
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-40831
fixed_packages
0
url pkg:npm/aws-iot-device-sdk-v2@1.6.0
purl pkg:npm/aws-iot-device-sdk-v2@1.6.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/aws-iot-device-sdk-v2@1.6.0
aliases CVE-2021-40831, GHSA-j3f7-7rmc-6wqj, PYSEC-2021-864
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vghg-1a3a-5qd7
3
url VCID-wsym-9brv-jybm
vulnerability_id VCID-wsym-9brv-jybm
summary Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.3.3), Python (versions prior to 1.5.18), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.1) did not verify the server certificate hostname during the TLS handshake when overriding Certificate Authorities (CA) in their trust stores on Windows. This issue has been addressed in aws-c-io submodule versions 0.9.13 onward. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.3.3 on Microsoft Windows. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.5.18 on Microsoft Windows. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.12.7 on Microsoft Windows. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.5.3 on Microsoft Windows.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-40828
reference_id
reference_type
scores
0
value 0.00102
scoring_system epss
scoring_elements 0.27595
published_at 2026-06-05T12:55:00Z
1
value 0.00102
scoring_system epss
scoring_elements 0.27529
published_at 2026-06-04T12:55:00Z
2
value 0.00102
scoring_system epss
scoring_elements 0.27464
published_at 2026-06-09T12:55:00Z
3
value 0.00102
scoring_system epss
scoring_elements 0.27457
published_at 2026-06-08T12:55:00Z
4
value 0.00102
scoring_system epss
scoring_elements 0.27507
published_at 2026-06-07T12:55:00Z
5
value 0.00102
scoring_system epss
scoring_elements 0.27545
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-40828
1
reference_url https://github.com/advisories/GHSA-94jq-q5v2-76wj
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-94jq-q5v2-76wj
2
reference_url https://github.com/aws/aws-iot-device-sdk-cpp-v2
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-iot-device-sdk-cpp-v2
3
reference_url https://github.com/aws/aws-iot-device-sdk-java-v2
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-iot-device-sdk-java-v2
4
reference_url https://github.com/aws/aws-iot-device-sdk-java-v2/commit/67950ad2a02f2f9355c310b69dc9226b017f32f2
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-iot-device-sdk-java-v2/commit/67950ad2a02f2f9355c310b69dc9226b017f32f2
5
reference_url https://github.com/aws/aws-iot-device-sdk-js-v2
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-iot-device-sdk-js-v2
6
reference_url https://github.com/aws/aws-iot-device-sdk-js-v2/commit/4be41394f1aee979e6f4b012fcb01eecabd0c08d
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-iot-device-sdk-js-v2/commit/4be41394f1aee979e6f4b012fcb01eecabd0c08d
7
reference_url https://github.com/aws/aws-iot-device-sdk-python-v2
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-iot-device-sdk-python-v2
8
reference_url https://github.com/aws/aws-iot-device-sdk-python-v2/commit/fd4c0ba04b35eab9e20c635af5548fcc5a92d8be
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-iot-device-sdk-python-v2/commit/fd4c0ba04b35eab9e20c635af5548fcc5a92d8be
9
reference_url https://github.com/awslabs/aws-c-io
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/awslabs/aws-c-io
10
reference_url https://github.com/awslabs/aws-c-io/
reference_id
reference_type
scores
url https://github.com/awslabs/aws-c-io/
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/awsiotsdk/PYSEC-2021-861.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/awsiotsdk/PYSEC-2021-861.yaml
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-40828
reference_id CVE-2021-40828
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-40828
fixed_packages
0
url pkg:npm/aws-iot-device-sdk-v2@1.5.1
purl pkg:npm/aws-iot-device-sdk-v2@1.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-47jf-z44j-9ues
1
vulnerability VCID-58st-qenz-5kgj
2
vulnerability VCID-vghg-1a3a-5qd7
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/aws-iot-device-sdk-v2@1.5.1
aliases CVE-2021-40828, GHSA-94jq-q5v2-76wj, PYSEC-2021-861
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wsym-9brv-jybm
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/aws-iot-device-sdk-v2@1.3.0