PT-2024-26422 · Unknown · Zozotown App For Android

Published: 2024-06-19 · Updated: 2024-07-03 · CVE-2024-35298

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

ZOZOTOWN App for Android versions prior to 7.39.6

Description

The issue is related to improper authorization in the handler for a custom URL scheme, which allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device. This could result in the user becoming a victim of a phishing attack.

Recommendations

For ZOZOTOWN App for Android versions prior to 7.39.6, update to version 7.39.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of custom URL schemes in the app to minimize the risk of exploitation.

Related Identifiers

CVE-2024-35298

Affected Products

Zozotown App For Android