“Piccoma” App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an external service, which may allow a local attacker to obtain the API key. Note that the users of the app are not directly affected by this vulnerability.
[
{
"vendor": "Kakao piccoma Corp.",
"product": "\"Piccoma\" App for Android",
"versions": [
{
"version": "prior to 6.20.0",
"status": "affected"
}
]
},
{
"vendor": "Kakao piccoma Corp.",
"product": "\"Piccoma\" App for iOS",
"versions": [
{
"version": "prior to 6.20.0",
"status": "affected"
}
]
}
]