CNNVD-202509-1179 Information

CNNVD ID

CNNVD-202509-1179

Related CVE

CVE-2025-58758

• CNNVD Published: 2025-09-09

Description (Chinese)

TinyEnv是Dat Duy个人开发者的一个环境变量加载器。 TinyEnv 1.0.1版本、1.0.2版本、1.0.9版本和1.0.10版本存在安全漏洞，该漏洞源于.env文件存在检查缺失，可能导致不安全默认配置。

Description (English)

TinyEnv is an environmental variable loader for Dat Duy personal developers. There is a security loophole in TinyEnv, Version 1.0.1, Version 1.0.2, Version 1.0.9 and Version 1.0.10, which stems from the absence of checks of .env files, which may lead to unsafe default configurations.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-09-09

Last Modified

2026-02-24

References

https://github.com/datahihi1/tiny-env/security/advisories/GHSA-3j7m-5g4q-gfpc https://github.com/datahihi1/tiny-env/commit/69b7b885e6cfbf07f470fb3512360e0caa95521e https://access.redhat.com/security/cve/cve-2025-58758

Patch

https://www.npmjs.com/package/tiny-env