21 matches found
Improper Configuration Management
TinyEnv is vulnerable to Improper Configuration Management. The vulnerability is due to the application not requiring the .env file to exist when loading environment variables, which allows an attacker or misconfiguration to cause the application to run with insecure defaults or missing...
EUVD-2025-27476
Malicious code in bioql PyPI...
CVE-2025-58759
TinyEnv is an environment variable loader for PHP applications. In versions 1.0.9 and 1.0.10, TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters including # or comment text...
CVE-2025-58758
TinyEnv is an environment variable loader for PHP applications. In versions 1.0.1, 1.0.2, 1.0.9, and 1.0.10, TinyEnv did not require the .env file to exist when loading environment variables. This could lead to unexpected behavior where the application silently ignores missing configuration,...
TinyEnv: Inline comments not stripped properly in .env values
Impact TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters including # or comment text. Applications depending on strict environment values may expose logic errors, insecure...
GHSA-72CM-7236-H43R TinyEnv: Inline comments not stripped properly in .env values
Impact TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters including # or comment text. Applications depending on strict environment values may expose logic errors, insecure...
GHSA-3J7M-5G4Q-GFPC TinyEnv: Missing .env file not required — may cause unexpected behavior
Impact TinyEnv did not require the .env file to exist when loading environment variables. This could lead to unexpected behavior where the application silently ignores missing configuration, potentially causing insecure defaults or deployment misconfigurations. Affected versions: - 1.0.1 → 1.0.2 ...
TinyEnv: Missing .env file not required — may cause unexpected behavior
Impact TinyEnv did not require the .env file to exist when loading environment variables. This could lead to unexpected behavior where the application silently ignores missing configuration, potentially causing insecure defaults or deployment misconfigurations. Affected versions: - 1.0.1 → 1.0.2 ...
CVE-2025-58759
TinyEnv is an environment variable loader for PHP applications. In versions 1.0.9 and 1.0.10, TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters including # or comment text...
CVE-2025-58758
TinyEnv is an environment variable loader for PHP applications. In versions 1.0.1, 1.0.2, 1.0.9, and 1.0.10, TinyEnv did not require the .env file to exist when loading environment variables. This could lead to unexpected behavior where the application silently ignores missing configuration,...
CVE-2025-58759 TinyEnv: Inline comments not stripped properly in .env values
TinyEnv is an environment variable loader for PHP applications. In versions 1.0.9 and 1.0.10, TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters including # or comment text...
CVE-2025-58759
TinyEnv is a PHP environment variable loader affected in versions 1.0.9 and 1.0.10 where inline comments inside .env values are not stripped, allowing unintended characters and potential misconfigurations or authentication failures. Root cause: improper handling of inline comments during parsing....
CVE-2025-58759 TinyEnv: Inline comments not stripped properly in .env values
TinyEnv is an environment variable loader for PHP applications. In versions 1.0.9 and 1.0.10, TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters including # or comment text...
CVE-2025-58758 TinyEnv: Missing .env file not required — may cause unexpected behavior
TinyEnv is an environment variable loader for PHP applications. In versions 1.0.1, 1.0.2, 1.0.9, and 1.0.10, TinyEnv did not require the .env file to exist when loading environment variables. This could lead to unexpected behavior where the application silently ignores missing configuration,...
CVE-2025-58758
CVE-2025-58758 affects TinyEnv, a PHP environment-variable loader. Versions 1.0.1, 1.0.2, 1.0.9, and 1.0.10 do not require the .env file to exist when loading variables, enabling the application to run with missing or insecure defaults. The issue has been fixed in version 1.0.11. Mitigation provi...
CVE-2025-58758 TinyEnv: Missing .env file not required — may cause unexpected behavior
TinyEnv is an environment variable loader for PHP applications. In versions 1.0.1, 1.0.2, 1.0.9, and 1.0.10, TinyEnv did not require the .env file to exist when loading environment variables. This could lead to unexpected behavior where the application silently ignores missing configuration,...
CVE-2025-58758 TinyEnv: Missing .env file not required — may cause unexpected behavior
TinyEnv is an environment variable loader for PHP applications. In versions 1.0.1, 1.0.2, 1.0.9, and 1.0.10, TinyEnv did not require the .env file to exist when loading environment variables. This could lead to unexpected behavior where the application silently ignores missing configuration,...
TinyEnv Security Vulnerability
TinyEnv is an environment variable loader for Dat Duy Personal Developer. A security vulnerability exists in TinyEnv versions 1.0.1, 1.0.2, 1.0.9, and 1.0.10, which stems from a checking deficiency in the .env file that could lead to unsafe default configurations...
TinyEnv Input Validation Error Vulnerability
TinyEnv is an environment variable loader for the Dat Duy Personal Developer. An input validation error vulnerability exists in TinyEnv versions 1.0.9 and 1.0.10, which stems from improper handling of inline annotations and can lead to configuration errors...
PT-2025-36953
Name of the Vulnerable Software and Affected Versions: TinyEnv versions 1.0.9 through 1.0.10 Description: TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters, including # or...