{"id":"CVE-2021-40830","details":"The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store. Attackers with access to a host’s trust stores or are able to compromise a certificate authority already in the host's trust store (note: the attacker must also be able to spoof DNS in this case) may be able to use this issue to bypass CA pinning. An attacker could then spoof the MQTT broker, and either drop traffic and/or respond with the attacker's data, but they would not be able to forward this data on to the MQTT broker because the attacker would still need the user's private keys to authenticate against the MQTT broker. The 'aws_tls_ctx_options_override_default_trust_store_*' function within the aws-c-io submodule has been updated to override the default trust store. This corrects this issue. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.5.0 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.6.1 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.12.7 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.5.3 on Linux/Unix. Amazon Web Services AWS-C-IO 0.10.4 on Linux/Unix.","aliases":["GHSA-c4rh-4376-gff4","PYSEC-2021-863"],"modified":"2026-04-12T02:00:18.886583Z","published":"2021-11-23T00:15:07.380Z","references":[{"type":"WEB","url":"https://github.com/awslabs/aws-c-io/"},{"type":"PACKAGE","url":"https://github.com/aws/aws-iot-device-sdk-cpp-v2"},{"type":"PACKAGE","url":"https://github.com/aws/aws-iot-device-sdk-java-v2"},{"type":"PACKAGE","url":"https://github.com/aws/aws-iot-device-sdk-js-v2"},{"type":"PACKAGE","url":"https://github.com/aws/aws-iot-device-sdk-python-v2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/aws/aws-iot-device-sdk-cpp-v2","events":[{"introduced":"0"},{"fixed":"efa3dc2d4a98f9be3470c5b1d6f20ea509599217"},{"fixed":"efd6f1b340a7f56f7558a0490a6c78fa2dd253ba"},{"fixed":"b425c9595a0ca88f6ba909e81f9ea0553cd2295c"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"1.5.3"},{"fixed":"1.6.1"},{"fixed":"1.12.7"}],"cpe":["cpe:2.3:a:amazon:amazon_web_services_internet_of_things_device_software_development_kit_v2:*:*:*:*:*:node.js:*:*","cpe:2.3:a:amazon:amazon_web_services_internet_of_things_device_software_development_kit_v2:*:*:*:*:*:python:*:*","cpe:2.3:a:amazon:amazon_web_services_internet_of_things_device_software_development_kit_v2:*:*:*:*:*:c\\+\\+:*:*"],"source":"CPE_FIELD"}}],"versions":["v0.1.1","v0.1.2","v0.1.3","v1.0","v1.1","v1.10.0","v1.10.1","v1.10.2","v1.10.3","v1.10.4","v1.10.5","v1.10.6","v1.10.7","v1.10.8","v1.10.9","v1.11.0","v1.12.0","v1.12.1","v1.12.2","v1.12.3","v1.12.4","v1.12.5","v1.12.6","v1.2","v1.3","v1.4","v1.4.1","v1.4.2","v1.4.3","v1.5.1","v1.5.2","v1.5.3","v1.5.4","v1.5.5","v1.6.0","v1.6.1","v1.6.2","v1.7.0","v1.7.1","v1.7.2","v1.7.3","v1.7.4","v1.7.5","v1.8.0","v1.8.1","v1.8.2","v1.8.3","v1.8.4","v1.9.0"],"database_specific":{"vanir_signatures_modified":"2026-04-12T02:00:18Z","vanir_signatures":[{"digest":{"length":1048,"function_hash":"98982507890037221679658572369745145578"},"signature_type":"Function","deprecated":false,"target":{"function":"IotJobsClient::SubscribeToUpdateJobExecutionRejected","file":"jobs/source/IotJobsClient.cpp"},"signature_version":"v1","id":"CVE-2021-40830-02433620","source":"https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba"},{"digest":{"length":1024,"function_hash":"165027320789812889561110294641284995884"},"signature_type":"Function","deprecated":false,"target":{"function":"IotJobsClient::SubscribeToGetPendingJobExecutionsRejected","file":"jobs/source/IotJobsClient.cpp"},"signature_version":"v1","id":"CVE-2021-40830-0563dd19","source":"https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba"},{"digest":{"length":1017,"function_hash":"119204228521496104825939341431810880432"},"signature_type":"Function","deprecated":false,"target":{"function":"IotIdentityClient::SubscribeToCreateCertificateFromCsrRejected","file":"identity/source/IotIdentityClient.cpp"},"signature_version":"v1","id":"CVE-2021-40830-19e78b14","source":"https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba"},{"digest":{"length":1020,"function_hash":"168598955633068971793766475207198054205"},"signature_type":"Function","deprecated":false,"target":{"function":"IotShadowClient::SubscribeToDeleteShadowAccepted","file":"shadow/source/IotShadowClient.cpp"},"signature_version":"v1","id":"CVE-2021-40830-1c7488eb","source":"https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba"},{"digest":{"length":1047,"function_hash":"196963877185553524189844914571795785944"},"signature_type":"Function","deprecated":false,"target":{"function":"IotJobsClient::SubscribeToDescribeJobExecutionRejected","file":"jobs/source/IotJobsClient.cpp"},"signature_version":"v1","id":"CVE-2021-40830-1f773f41","source":"https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba"},{"digest":{"length":1043,"function_hash":"235476979331085233043846502233954872393"},"signature_type":"Function","deprecated":false,"target":{"function":"IotIdentityClient::SubscribeToRegisterThingAccepted","file":"identity/source/IotIdentityClient.cpp"},"signature_version":"v1","id":"CVE-2021-40830-3542d9e9","source":"https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba"},{"digest":{"length":1008,"function_hash":"149533778192248836180809290166192774978"},"signature_type":"Function","deprecated":false,"target":{"function":"IotIdentityClient::SubscribeToCreateKeysAndCertificateRejected","file":"identity/source/IotIdentityClient.cpp"},"signature_version":"v1","id":"CVE-2021-40830-3b18d8cb","source":"https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba"},{"digest":{"length":1043,"function_hash":"205466917386749728857540082481999305167"},"signature_type":"Function","deprecated":false,"target":{"function":"IotIdentityClient::SubscribeToRegisterThingRejected","file":"identity/source/IotIdentityClient.cpp"},"signature_version":"v1","id":"CVE-2021-40830-3b719ff0","source":"https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba"},{"digest":{"length":1024,"function_hash":"179459012236201148891526488014547914183"},"signature_type":"Function","deprecated":false,"target":{"function":"IotJobsClient::SubscribeToGetPendingJobExecutionsAccepted","file":"jobs/source/IotJobsClient.cpp"},"signature_version":"v1","id":"CVE-2021-40830-3be980a2","source":"https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba"},{"digest":{"length":1020,"function_hash":"124594322792865987157686919522901925216"},"signature_type":"Function","deprecated":false,"target":{"function":"IotShadowClient::SubscribeToUpdateShadowRejected","file":"shadow/source/IotShadowClient.cpp"},"signature_version":"v1","id":"CVE-2021-40830-465c470e","source":"https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba"},{"digest":{"length":1020,"function_hash":"45705757137795355776969157709594717442"},"signature_type":"Function","deprecated":false,"target":{"function":"IotShadowClient::SubscribeToUpdateShadowAccepted","file":"shadow/source/IotShadowClient.cpp"},"signature_version":"v1","id":"CVE-2021-40830-48e02777","source":"https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba"},{"digest":{"line_hashes":["230342386372089861307242015008058681906","205843513893998540448188835325620363332","226281338371378335183449550312559773348","104525151370226745786379902735580927555"],"threshold":0.9},"signature_type":"Line","deprecated":false,"target":{"file":"samples/identity/fleet_provisioning/main.cpp"},"signature_version":"v1","id":"CVE-2021-40830-566701bc","source":"https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba"},{"digest":{"length":1014,"function_hash":"127754970515853051586368986135498682091"},"signature_type":"Function","deprecated":false,"target":{"function":"IotShadowClient::SubscribeToGetShadowAccepted","file":"shadow/source/IotShadowClient.cpp"},"signature_version":"v1","id":"CVE-2021-40830-57f3ccb2","source":"https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba"},{"digest":{"length":1014,"function_hash":"280284464166725484113216923362671165459"},"signature_type":"Function","deprecated":false,"target":{"function":"IotShadowClient::SubscribeToGetShadowRejected","file":"shadow/source/IotShadowClient.cpp"},"signature_version":"v1","id":"CVE-2021-40830-585871a0","source":"https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba"},{"digest":{"length":1020,"function_hash":"321260236440234264945357286900376505537"},"signature_type":"Function","deprecated":false,"target":{"function":"IotShadowClient::SubscribeToDeleteShadowRejected","file":"shadow/source/IotShadowClient.cpp"},"signature_version":"v1","id":"CVE-2021-40830-8b1b31d8","source":"https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba"},{"digest":{"length":1048,"function_hash":"272587006739776093146036404677076057465"},"signature_type":"Function","deprecated":false,"target":{"function":"IotJobsClient::SubscribeToUpdateJobExecutionAccepted","file":"jobs/source/IotJobsClient.cpp"},"signature_version":"v1","id":"CVE-2021-40830-8ee3a124","source":"https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba"},{"digest":{"length":1036,"function_hash":"208279227132893194073547388285952571735"},"signature_type":"Function","deprecated":false,"target":{"function":"IotJobsClient::SubscribeToStartNextPendingJobExecutionRejected","file":"jobs/source/IotJobsClient.cpp"},"signature_version":"v1","id":"CVE-2021-40830-9175f742","source":"https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba"},{"digest":{"length":1047,"function_hash":"175764025898463338423587132025720849811"},"signature_type":"Function","deprecated":false,"target":{"function":"IotJobsClient::SubscribeToDescribeJobExecutionAccepted","file":"jobs/source/IotJobsClient.cpp"},"signature_version":"v1","id":"CVE-2021-40830-aa3f0dc3","source":"https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba"},{"digest":{"length":1021,"function_hash":"320295843878709591141891679162648613720"},"signature_type":"Function","deprecated":false,"target":{"function":"IotShadowClient::SubscribeToShadowDeltaUpdatedEvents","file":"shadow/source/IotShadowClient.cpp"},"signature_version":"v1","id":"CVE-2021-40830-adb75bd2","source":"https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba"},{"digest":{"length":1036,"function_hash":"119507636605857984303262600508170755305"},"signature_type":"Function","deprecated":false,"target":{"function":"IotJobsClient::SubscribeToStartNextPendingJobExecutionAccepted","file":"jobs/source/IotJobsClient.cpp"},"signature_version":"v1","id":"CVE-2021-40830-b3a11124","source":"https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba"},{"digest":{"length":1008,"function_hash":"100514015869796908044356247118439867718"},"signature_type":"Function","deprecated":false,"target":{"function":"IotIdentityClient::SubscribeToCreateKeysAndCertificateAccepted","file":"identity/source/IotIdentityClient.cpp"},"signature_version":"v1","id":"CVE-2021-40830-bc3f6097","source":"https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba"},{"digest":{"length":1001,"function_hash":"97296809749017624097468165779185895683"},"signature_type":"Function","deprecated":false,"target":{"function":"IotJobsClient::SubscribeToJobExecutionsChangedEvents","file":"jobs/source/IotJobsClient.cpp"},"signature_version":"v1","id":"CVE-2021-40830-c1983947","source":"https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba"},{"digest":{"line_hashes":["326167592057099830353828072313645830554","293054556881763588616670124924108480901","111810885248206201112539425570142587712","70216524490123261033673792898970622398","93219863306673762155482642015259886669","24429932077257745333730642339986854739","111810885248206201112539425570142587712","70216524490123261033673792898970622398","329391610494058956356507258073953074708","222873449058409410848483793322770967601","111810885248206201112539425570142587712","70216524490123261033673792898970622398","313241844359076564971476835519119976665","49963589851800492066188496962267192276","111810885248206201112539425570142587712","70216524490123261033673792898970622398","262902014855978204820465011655632934817","140084750252220336630716056001226161155","111810885248206201112539425570142587712","70216524490123261033673792898970622398","58479910732062550271169293821040115855","275870513201740203937893570879252091376","111810885248206201112539425570142587712","70216524490123261033673792898970622398","336919288081763814885191775221718528694","101094198999562965589136156484451445157","111810885248206201112539425570142587712","70216524490123261033673792898970622398","183214338663794710452991886866118130182","134118649328838544619370072461283173323","111810885248206201112539425570142587712","70216524490123261033673792898970622398","80172308949506630077423600372964550395","242763020377057416413157268746801517053","111810885248206201112539425570142587712","70216524490123261033673792898970622398","170933778762927186644261539823749910259","284548306774200684555354211869914366712","111810885248206201112539425570142587712","70216524490123261033673792898970622398"],"threshold":0.9},"signature_type":"Line","deprecated":false,"target":{"file":"jobs/source/IotJobsClient.cpp"},"signature_version":"v1","id":"CVE-2021-40830-d6c9a503","source":"https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba"},{"digest":{"length":1020,"function_hash":"135225166015258223883669864125251318891"},"signature_type":"Function","deprecated":false,"target":{"function":"IotShadowClient::SubscribeToShadowUpdatedEvents","file":"shadow/source/IotShadowClient.cpp"},"signature_version":"v1","id":"CVE-2021-40830-dc5eea30","source":"https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba"},{"digest":{"line_hashes":["153301192323699787610308551928351794069","231799229138906612903889631659796938528","111810885248206201112539425570142587712","70216524490123261033673792898970622398","127203748230272958985250685959194466717","152672871023276082668341893493015720616","111810885248206201112539425570142587712","70216524490123261033673792898970622398","240740098531191759705265081101498187186","122072058802475952200720257039220955666","111810885248206201112539425570142587712","70216524490123261033673792898970622398","23532137193705371306399471280809154088","92493570082685903641755354578384277181","111810885248206201112539425570142587712","70216524490123261033673792898970622398","327555065746989319291274580235782006197","53118516227897917220388385616513989785","111810885248206201112539425570142587712","70216524490123261033673792898970622398","145456478191364842358773980437785219925","145257614270874795375547770223730671180","111810885248206201112539425570142587712","70216524490123261033673792898970622398","72988191512902427239038586954578820294","106376054005516871088973189801140191822","111810885248206201112539425570142587712","70216524490123261033673792898970622398","313387830453111040804460504182177801746","322925350023021315304788346643354183943","111810885248206201112539425570142587712","70216524490123261033673792898970622398"],"threshold":0.9},"signature_type":"Line","deprecated":false,"target":{"file":"shadow/source/IotShadowClient.cpp"},"signature_version":"v1","id":"CVE-2021-40830-e2af83ae","source":"https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba"},{"digest":{"line_hashes":["331930385137325414295218273715334122388","324877662300095167131174494618409772811","111810885248206201112539425570142587712","70216524490123261033673792898970622398","228889239507695077299663775706632483854","238012712210270684826994199402292516922","111810885248206201112539425570142587712","70216524490123261033673792898970622398","9550196507415204210268687641614470847","126743438397327513184449791748918818973","111810885248206201112539425570142587712","70216524490123261033673792898970622398","138041169733595194662322004251494144785","304507540854630181610144898923044349045","111810885248206201112539425570142587712","70216524490123261033673792898970622398","225551886425931129654106639982372836482","39719292845961785162398473468139688238","111810885248206201112539425570142587712","70216524490123261033673792898970622398","256381315492775329837280087712636651575","225626166415092878286089914513984858904","111810885248206201112539425570142587712","70216524490123261033673792898970622398"],"threshold":0.9},"signature_type":"Line","deprecated":false,"target":{"file":"identity/source/IotIdentityClient.cpp"},"signature_version":"v1","id":"CVE-2021-40830-ea462cda","source":"https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba"},{"digest":{"length":1009,"function_hash":"661852147991210602325930671757844501"},"signature_type":"Function","deprecated":false,"target":{"function":"IotJobsClient::SubscribeToNextJobExecutionChangedEvents","file":"jobs/source/IotJobsClient.cpp"},"signature_version":"v1","id":"CVE-2021-40830-f2c35424","source":"https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba"},{"digest":{"length":1017,"function_hash":"138688871704542781044840709501230477974"},"signature_type":"Function","deprecated":false,"target":{"function":"IotIdentityClient::SubscribeToCreateCertificateFromCsrAccepted","file":"identity/source/IotIdentityClient.cpp"},"signature_version":"v1","id":"CVE-2021-40830-f5cc599e","source":"https://github.com/aws/aws-iot-device-sdk-cpp-v2/commit/efd6f1b340a7f56f7558a0490a6c78fa2dd253ba"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-40830.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/aws/aws-iot-device-sdk-java-v2","events":[{"introduced":"0"},{"fixed":"46375e9b1bfb34109b9ff3b1eff9c770f9daa186"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"1.5.0"}],"cpe":"cpe:2.3:a:amazon:amazon_web_services_internet_of_things_device_software_development_kit_v2:*:*:*:*:*:java:*:*","source":"CPE_FIELD"}}],"versions":["1.2.11","1.2.8","1.2.9","v0.2.4","v0.2.5","v0.2.6","v0.2.7","v0.2.8","v0.3.0","v0.3.1","v0.3.2","v0.3.3","v1.0.0","v1.0.1","v1.0.2","v1.0.3","v1.0.4","v1.0.5","v1.0.6","v1.0.7","v1.0.8","v1.0.9","v1.1.0","v1.1.1","v1.2.0","v1.2.1","v1.2.10","v1.2.12","v1.2.13","v1.2.14","v1.2.15","v1.2.16","v1.2.17","v1.2.18","v1.2.2","v1.2.3","v1.2.4","v1.2.5","v1.2.6","v1.2.7","v1.2.8","v1.3.0","v1.3.1","v1.3.2","v1.3.3","v1.4.0","v1.4.1","v1.4.2","v1.4.3"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-40830.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/awslabs/aws-c-io","events":[{"introduced":"0"},{"last_affected":"e50f93f9a6592d4619552d3fe925fab02524df95"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"0.10.4"}],"cpe":"cpe:2.3:a:amazon:amazon_web_services_aws-c-io:0.10.4:*:*:*:*:*:*:*","source":"CPE_FIELD"}}],"versions":["0.2.4","v0.1.1","v0.10.0","v0.10.1","v0.10.2","v0.10.3","v0.10.4","v0.2.0","v0.2.1","v0.2.2","v0.2.3","v0.2.4","v0.2.5","v0.2.6","v0.2.7","v0.2.8","v0.3.0","v0.3.1","v0.3.10","v0.3.11","v0.3.12","v0.3.13","v0.3.14","v0.3.15","v0.3.2","v0.3.3","v0.3.4","v0.3.5","v0.3.6","v0.3.7","v0.3.8","v0.3.9","v0.4.0","v0.4.1","v0.4.10","v0.4.11","v0.4.12","v0.4.13","v0.4.14","v0.4.15","v0.4.16","v0.4.17","v0.4.18","v0.4.19","v0.4.2","v0.4.20","v0.4.21","v0.4.22","v0.4.23","v0.4.24","v0.4.25","v0.4.26","v0.4.27","v0.4.28","v0.4.29","v0.4.3","v0.4.30","v0.4.31","v0.4.32","v0.4.33","v0.4.34","v0.4.35","v0.4.36","v0.4.37","v0.4.38","v0.4.39","v0.4.4","v0.4.40","v0.4.41","v0.4.42","v0.4.43","v0.4.44","v0.4.45","v0.4.46","v0.4.47","v0.4.48","v0.4.5","v0.4.6","v0.4.7","v0.4.8","v0.4.9","v0.5.0","v0.6.0","v0.6.1","v0.6.2","v0.6.3","v0.6.4","v0.6.5","v0.7.0","v0.7.1","v0.8.0","v0.8.1","v0.8.2","v0.8.3","v0.9.0","v0.9.1","v0.9.10","v0.9.11","v0.9.12","v0.9.13","v0.9.14","v0.9.2","v0.9.3","v0.9.4","v0.9.5","v0.9.6","v0.9.7","v0.9.8","v0.9.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-40830.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}