exploitDog

CVE-2021-20835

Опубликовано: 24 нояб. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Improper authorization in handler for custom URL scheme vulnerability in Android App 'Mercari (Merpay) - Marketplace and Mobile Payments App' (Japan version) versions prior to 4.49.1 allows a remote attacker to lead a user to access an arbitrary website and the website launches an arbitrary Activity of the app via the vulnerable App, which may result in Mercari account's access token being obtained.

Ссылки

https://jvn.jp/en/jp/JVN49465877/index.html
Third Party Advisory
https://jvn.jp/en/jp/JVN49465877/index.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mercari:mercari:*:*:*:*:*:android:*:*

Версия до 4.49.1 (исключая)

EPSS

Процентиль: 55%

0.00325

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-862

Связанные уязвимости

GHSA-2hf9-98xv-3h7h

CVSS3: 7.5

github

около 4 лет назад

Improper authorization in handler for custom URL scheme vulnerability in Android App 'Mercari (Merpay) - Marketplace and Mobile Payments App' (Japan version) versions prior to 4.49.1 allows a remote attacker to lead a user to access an arbitrary website and the website launches an arbitrary Activity of the app via the vulnerable App, which may result in Mercari account's access token being obtained.

EPSS

Процентиль: 55%

0.00325

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-862