Vulnerabilities > Duolingo

DATE CVE VULNERABILITY TITLE RISK
2018-01-05 CVE-2017-16905 Code Injection vulnerability in Duolingo Tinycards
The DuoLingo TinyCards application before 1.0 for Android has one use of unencrypted HTTP, which allows remote attackers to spoof content, and consequently achieve remote code execution, via a man-in-the-middle attack.
network
high complexity
duolingo CWE-94
8.1