Published: 2020/07/08  Last Updated: 2020/07/08

Information from Mercari, Inc.

Vulnerability ID:JVN#93167107
Title:Android App "Mercari" (Japan version) vulnerable to arbitrary method execution of Java object

This is a statement from the vendor itself with no modification by JPCERT/CC.

This vulnerability was remediated in version 3.52.0 of the app and the app no longer supports Android OS versions below 4.2 which were affected by this vulnerability. Therefore, there is currently no impact on users and no need for users to take any action.
Furthermore, we confirmed that there have been no cases of users being affected by this vulnerability being exploited in the past.