Published: 2021/10/29  Last Updated: 2021/10/29

Information from Mercari, Inc.

Vulnerability ID:JVN#49465877
Title:Android App "Mercari (Merpay) - Marketplace and Mobile Payments App" (Japan version) vulnerable to improper handling of Intent
Status:Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

This vulnerability was remediated in version 4.49.1 of the app and the app was force updated and no longer supports versions below this.
Therefore, there is currently no impact on users and no need for users to take any action.
Furthermore, we confirmed that there have been no cases of users being affected by this vulnerability being exploited in the past.

This vulnerability was reported by RyotaK to Mercari's vulnerability report window.
https://about.mercari.com/en/security/vulnerability/