Vulnerability Database
296,748
Total vulnerabilities in the database
CVE-2025-58758
Impact
TinyEnv did not require the .env file to exist when loading environment variables.
This could lead to unexpected behavior where the application silently ignores missing configuration, potentially causing insecure defaults or deployment misconfigurations.
Affected versions:
- 1.0.1 → 1.0.2
- 1.0.9 → 1.0.10
Patches
The issue has been fixed in version 1.0.11.
All users should upgrade to 1.0.11 or later.
Workarounds
As a workaround, users can manually verify the existence of the .env file before initializing TinyEnv, for example:
if (!file_exists(__DIR__ . '/.env')) {
throw new RuntimeException('.env file is missing!');
}
| Software | From | Fixed in |
|---|---|---|
datahihi1 / tiny-env
|
- | 1.0.3 |
|
datahihi1 / tiny-env
|
1.0.9 | 1.0.11 |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime