CVEs-PoC/2021/CVE-2021-20747.md

### [CVE-2021-20747](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20747)
![](https://img.shields.io/static/v1?label=Product&message=Retty%20App&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=Retty%20App%20for%20Android%20versions%20prior%20to%204.8.13%20and%20Retty%20App%20for%20iOS%20versions%20prior%20to%204.11.14%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Authorization%20in%20Handler%20for%20Custom%20URL%20Scheme&color=brightgreen)

### Description

Improper authorization in handler for custom URL scheme vulnerability in Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.

### POC

#### Reference
- https://drive.google.com/file/d/1PBYqIsK8QxEEhGJ4SEgpY7iZw3RTTDho/view

#### Github
No PoCs found on GitHub currently.