Description

TinyEnv is an environment variable loader for PHP applications. In versions 1.0.1, 1.0.2, 1.0.9, and 1.0.10, TinyEnv did not require the `.env` file to exist when loading environment variables. This could lead to unexpected behavior where the application silently ignores missing configuration, potentially causing insecure defaults or deployment misconfigurations. The issue has been fixed in version 1.0.11. All users should upgrade to 1.0.11 or later. As a workaround, users can manually verify the existence of the `.env` file before initializing TinyEnv.
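The workaround described above, as an added example (not code from TinyEnv or from the advisory): a fail-closed check that runs before TinyEnv is initialized. The helper name `assertEnvFileUsable`, the `__DIR__`-relative location and the extra empty-file check are assumptions; the TinyEnv call itself is left as a comment because its API is not shown on this page.

```php
<?php
declare(strict_types=1);

/**
 * Fail closed if the .env file is absent or unusable.
 * Hypothetical helper for illustration; not part of TinyEnv.
 */
function assertEnvFileUsable(string $dir): string
{
    $path = rtrim($dir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR . '.env';

    // is_file() rather than file_exists(): a directory named ".env"
    // must not pass the check.
    if (!is_file($path)) {
        throw new RuntimeException("Missing configuration file: {$path}");
    }
    if (!is_readable($path)) {
        throw new RuntimeException("Configuration file is not readable: {$path}");
    }
    // Added assumption: an empty file gives the same "no configuration"
    // outcome as a missing one, so it is rejected as well.
    clearstatcache(true, $path);
    if (filesize($path) === 0) {
        throw new RuntimeException("Configuration file is empty: {$path}");
    }
    return $path;
}

try {
    // Assumption: the .env file sits next to this bootstrap script.
    $envPath = assertEnvFileUsable(__DIR__);
} catch (RuntimeException $e) {
    // Stop startup instead of continuing with built-in defaults.
    error_log('Startup aborted: ' . $e->getMessage());
    http_response_code(500);
    exit(1);
}

// Initialize TinyEnv here, exactly as the application already does.
```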

PUBLISHED Reserved 2025-09-04 | Published 2025-09-09 | Updated 2025-09-10 | Assigner GitHub_M




MEDIUM: 5.1 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Problem types

CWE-703: Improper Check or Handling of Exceptional Conditions

Product status

>= 1.0.1, < 1.0.3: affected

>= 1.0.9, < 1.0.11: affected

References

github.com/...ny-env/security/advisories/GHSA-3j7m-5g4q-gfpc

github.com/...ommit/69b7b885e6cfbf07f470fb3512360e0caa95521e

cve.org (CVE-2025-58758)

nvd.nist.gov (CVE-2025-58758)