Advisory #59
| Title | Mercari (Merpay) improper handling of Intent |
| CVE ID | CVE-2021-20835 |
| Vendor | Mercari, Inc. |
| Affected product | Mercari (Merpay) - Marketplace and Mobile Payments App |
| Affected versions | < 4.49.1 |
| Vulnerability type | CWE-939 (Improper Authorization in Handler for Custom URL Scheme) |
| Description | Mercari (Merpay) has a vulnerability that allows a malicious page to launch an arbitrary Activity, which may allow an attacker to obtain access token of the Mercari account. |
| Status | Fixed in 4.49.1 |
| Recommendation | Update to 4.49.1 or above. |