CNNVD-202509-1176 Information

CNNVD ID

CNNVD-202509-1176

Related CVE

CVE-2025-58759

• CNNVD Published: 2025-09-09

Description (Chinese)

TinyEnv是Dat Duy个人开发者的一个环境变量加载器。 TinyEnv 1.0.9版本和1.0.10版本存在输入验证错误漏洞，该漏洞源于内联注释处理不当，可能导致配置错误。

Description (English)

TinyEnv is an environmental variable loader for Dat Duy personal developers. TinyEnv 1.0.9 and 1.0.10 have input validation error holes, which stem from inappropriate handling of inline notes and may lead to configuration errors.

Hazard Level

High

Vulnerability Type

输入验证错误

Affected Vendor

个人开发者

Published

2025-09-09

Last Modified

2026-02-24

References

https://github.com/datahihi1/tiny-env/security/advisories/GHSA-72cm-7236-h43r https://access.redhat.com/security/cve/cve-2025-58759

Patch

https://www.npmjs.com/package/tiny-env