Improper authorization in handler for custom URL scheme vulnerability in Android App 'Mercari (Merpay) - Marketplace and Mobile Payments App' (Japan version) versions prior to 4.49.1 allows a remote attacker to lead a user to access an arbitrary website and the website launches an arbitrary Activity of the app via the vulnerable App, which may result in Mercari account's access token being obtained.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2021-11-24T08:25:38

Updated: 2024-08-03T17:53:23.012Z

Reserved: 2020-12-17T00:00:00

Link: CVE-2021-20835

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-11-24T16:15:12.970

Modified: 2024-11-21T05:47:15.110

Link: CVE-2021-20835

cve-icon Redhat

No data.