CVE-2020-5604
CVE-2020-5604
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 2.0%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
09 Jul 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Android App 'Mercari' (Japan version) prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack by using Java Reflection API of JavaScript code on WebView.
Affected products
Mercari, Inc. · Android App 'Mercari' (Japan version)