2 matches found
CVE-2025-58758
CVE-2025-58758 affects TinyEnv, a PHP environment-variable loader. Versions 1.0.1, 1.0.2, 1.0.9, and 1.0.10 do not require the .env file to exist when loading variables, enabling the application to run with missing or insecure defaults. The issue has been fixed in version 1.0.11. Mitigation provi...
CVE-2025-58759
TinyEnv is a PHP environment variable loader affected in versions 1.0.9 and 1.0.10 where inline comments inside .env values are not stripped, allowing unintended characters and potential misconfigurations or authentication failures. Root cause: improper handling of inline comments during parsing....