7.3
CVE-2025-58758
- EPSS 0.17%
- Veröffentlicht 09.09.2025 19:50:18
- Zuletzt bearbeitet 08.10.2025 20:53:57
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginTinyEnv: Missing .env file not required — may cause unexpected behavior
TinyEnv is an environment variable loader for PHP applications. In versions 1.0.1, 1.0.2, 1.0.9, and 1.0.10, TinyEnv did not require the `.env` file to exist when loading environment variables. This could lead to unexpected behavior where the application silently ignores missing configuration, potentially causing insecure defaults or deployment misconfigurations. The issue has been fixed in version 1.0.11. All users should upgrade to 1.0.11 or later. As a workaround, users can manually verify the existence of the `.env` file before initializing TinyEnv.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.069 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.3 | 3.9 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
| security-advisories@github.com | 5.1 | 2.5 | 2.5 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
CWE-703 Improper Check or Handling of Exceptional Conditions
The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.
https://github.com/datahihi1/tiny-env/security/advisories/GHSA-3j7m-5g4q-gfpc
https://github.com/datahihi1/tiny-env/commit/69b7b885e6cfbf07f470fb3512360e0caa95521e