CVE-2020-5604

Summary

Android App 'Mercari' (Japan version) prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack by using Java Reflection API of JavaScript code on WebView.

Affected Software

VendorProductVersion RangeStatus
Mercari, Inc.Android App ‘Mercari’ (Japan version)prior to version 3.52.0affected

Weaknesses

  • Exposed Dangerous Method or Function

ADP Enrichment

CVE Program Container

Additional References

References