2021-11-24 08:25:38
jpcert
PUBLISHED
An improper authorization vulnerability in the handler for a custom URL scheme in the Android app Mercari (Merpay) - Marketplace and Mobile Payments App (Japan version), versions prior to 4.49.1, allows a remote attacker to lead a user to access an arbitrary website, which then launches an arbitrary Activity of the app via the vulnerable app. This may result in the Mercari account's access token being obtained.