CVEs-PoC/2021/CVE-2021-20834.md

### [CVE-2021-20834](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20834)
![](https://img.shields.io/static/v1?label=Product&message=Nike%20App%20for%20Android%20versions%20prior%20to%202.177%20and%20Nike%20App%20for%20iOS%20versions%20prior%20to%202.177.1&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Authorization%20in%20Handler%20for%20Custom%20URL%20Scheme&color=brighgreen)

### Description

Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.

### POC

#### Reference
- https://play.google.com/store/apps/details?id=com.nike.omega

#### Github
No PoCs found on GitHub currently.