writeups.xyz / Content Injection in DuoLingo’s TinyCards App for Android [CVE-2017-16905]

Submitter : c2a

Date: 4 January 2018

Bounty : undisclosed

Vulnerabilities :

Content Injection

Programs :

DuoLingo

Authors :

Nightwatch Cybersecurity (@Nightwatchcyber)

Link :
https://wwws.nightwatchcybersecurity.com/2018/01/04/rce-in-duolingos-tinycards-app-for-android-cve-2017-16905/