CVE-2021-20835

Description

Improper authorization in handler for custom URL scheme vulnerability in Android App Mercari (Merpay) - Marketplace and Mobile Payments App (Japan version) versions prior to 4.49.1 allows a remote attacker to lead a user to access an arbitrary website and the website launches an arbitrary Activity of the app via the vulnerable App, which may result in Mercari accounts access token being obtained.