Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service.
[
{
"vendor": "Spoon Radio Japan Inc.",
"product": "Android Spoon application",
"versions": [
{
"version": "version 7.11.1 to 8.6.0",
"status": "affected"
}
]
}
]