Описание
TinyEnv is an environment variable loader for PHP applications. In versions 1.0.1, 1.0.2, 1.0.9, and 1.0.10, TinyEnv did not require the .env file to exist when loading environment variables. This could lead to unexpected behavior where the application silently ignores missing configuration, potentially causing insecure defaults or deployment misconfigurations. The issue has been fixed in version 1.0.11. All users should upgrade to 1.0.11 or later. As a workaround, users can manually verify the existence of the .env file before initializing TinyEnv.
Уязвимые конфигурации
Конфигурация 1Версия от 1.0.1 (включая) до 1.0.3 (исключая)Версия от 1.0.9 (включая) до 1.0.11 (исключая)
Одно из
cpe:2.3:a:datahihi1:tinyenv:*:*:*:*:*:*:*:*
cpe:2.3:a:datahihi1:tinyenv:*:*:*:*:*:*:*:*
EPSS
Процентиль: 9%
0.00032
Низкий
5.1 Medium
CVSS3
7.3 High
CVSS3
Дефекты
CWE-703
Связанные уязвимости
CVSS3: 5.1
github
5 месяцев назад
TinyEnv: Missing .env file not required — may cause unexpected behavior
EPSS
Процентиль: 9%
0.00032
Низкий
5.1 Medium
CVSS3
7.3 High
CVSS3
Дефекты
CWE-703