Android App 'Mercari' (Japan version) prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack by using Java Reflection API of JavaScript code on WebView.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2020-07-09T01:05:20

Updated: 2024-08-04T08:30:24.580Z

Reserved: 2020-01-06T00:00:00

Link: CVE-2020-5604

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-07-09T02:15:10.527

Modified: 2024-11-21T05:34:20.907

Link: CVE-2020-5604

cve-icon Redhat

No data.