• Published Date: Wed 24 Nov 2021
  • Last Modified Date: Mon 29 Nov 2021

Improper authorization in handler for custom URL scheme vulnerability in Android App 'Mercari (Merpay) - Marketplace and Mobile Payments App' (Japan version) versions prior to 4.49.1 allows a remote attacker to lead a user to access an arbitrary website and the website launches an arbitrary Activity of the app via the vulnerable App, which may result in Mercari account's access token being obtained.

References (Advisories, Solutions, and Tools):

Note: This page is generated by our securitybot and has not been checked for errors. Feed Source: NVD