Improper authorization in handler for custom URL scheme issue in βMercariβ App for Android prior to version 5.78.0 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.
[
{
"vendor": "Mercari, Inc.",
"product": "\"Mercari\" App for Android",
"versions": [
{
"version": "prior to version 5.78.0",
"status": "affected"
}
]
}
]