Improper authorization in handler for custom URL scheme vulnerability in Android App 'Mercari (Merpay) - Marketplace and Mobile Payments App' (Japan version) versions prior to 4.49.1 allows a remote attacker to lead a user to access an arbitrary website and the website launches an arbitrary Activity of the app via the vulnerable App, which may result in Mercari account's access token being obtained.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://jvn.jp/en/jp/JVN49465877/index.html |
History
No history.
MITRE
Status: PUBLISHED
Assigner: jpcert
Published: 2021-11-24T08:25:38
Updated: 2024-08-03T17:53:23.012Z
Reserved: 2020-12-17T00:00:00
Link: CVE-2021-20835
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-11-24T16:15:12.970
Modified: 2024-11-21T05:47:15.110
Link: CVE-2021-20835
Redhat
No data.