Published: 2021/04/27  Last Updated: 2021/04/27

Information from Recruit Co., Ltd.

Vulnerability ID:JVN#97434260
Title:Hot Pepper Gourmet App fails to restrict access permissions
Status:Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

Hot Pepper Gourmet App fails to restrict access permissions.
We have released the fixed version on the Google Play Store and App Store. Please update to the latest version.

- Products Affected
Hot Pepper Gourmet App for Android ver.4.111.0 and earlier
Hot Pepper Gourmet App for iOS ver.4.111.0 and earlier

- Impact
A remote attacker may lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.

- Solution
Update the Application


# All data is as of April 26, 2021.