CVE-2025-58758: TinyEnv: Missing .env file not required — may cause unexpected behavior
(updated )
TinyEnv did not require the .env file to exist when loading environment variables.
This could lead to unexpected behavior where the application silently ignores missing configuration, potentially causing insecure defaults or deployment misconfigurations.
Affected versions:
- 1.0.1 → 1.0.2
- 1.0.9 → 1.0.10
References
- github.com/advisories/GHSA-3j7m-5g4q-gfpc
- github.com/datahihi1/tiny-env
- github.com/datahihi1/tiny-env/commit/69b7b885e6cfbf07f470fb3512360e0caa95521e
- github.com/datahihi1/tiny-env/commit/7dc656c58bef6050afb8f7a395e38227e31a66df
- github.com/datahihi1/tiny-env/security/advisories/GHSA-3j7m-5g4q-gfpc
- nvd.nist.gov/vuln/detail/CVE-2025-58758
Code Behaviors & Features
Detect and mitigate CVE-2025-58758 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →