Vulnerabilities > CVE-2020-5604 - Unspecified vulnerability in Mercari 3.51.0
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Android App 'Mercari' (Japan version) prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack by using Java Reflection API of JavaScript code on WebView.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |