aws/aws-iot-device-sdk-js-v2 is vulnerable to Insecure Certificate Validation. Attackers are able to compromise certificate authorities in their trust stores on Linux/Unix, by spoofing DNS records to bypass CA pinning.
github.com/aws/aws-iot-device-sdk-cpp-v2
github.com/aws/aws-iot-device-sdk-java-v2
github.com/aws/aws-iot-device-sdk-js-v2
github.com/aws/aws-iot-device-sdk-js-v2/commit/22f1989f5bdb0bdd9c912a5a2d255ee6c0854f68
github.com/aws/aws-iot-device-sdk-js-v2/pull/185
github.com/aws/aws-iot-device-sdk-python-v2
github.com/awslabs/aws-c-io/