Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
TinyEnv: Missing .env file not required — may cause unexpected behavior
Vulnerability Description
TinyEnv is an environment variable loader for PHP applications. In versions 1.0.1, 1.0.2, 1.0.9, and 1.0.10, TinyEnv did not require the `.env` file to exist when loading environment variables. This could lead to unexpected behavior where the application silently ignores missing configuration, potentially causing insecure defaults or deployment misconfigurations. The issue has been fixed in version 1.0.11. All users should upgrade to 1.0.11 or later. As a workaround, users can manually verify the existence of the `.env` file before initializing TinyEnv.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
对异常条件检查或处理不恰当
Vulnerability Title
TinyEnv 安全漏洞
Vulnerability Description
TinyEnv是Dat Duy个人开发者的一个环境变量加载器。 TinyEnv 1.0.1版本、1.0.2版本、1.0.9版本和1.0.10版本存在安全漏洞,该漏洞源于.env文件存在检查缺失,可能导致不安全默认配置。
CVSS Information
N/A
Vulnerability Type
N/A