CVE-2025-58759

Name of the Vulnerable Software and Affected Versions: TinyEnv versions 1.0.9 through 1.0.10

Description: TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters, including # or comment text. Applications depending on strict environment values may expose logic errors, insecure defaults, or failed authentication.

Recommendations: Upgrade to version 1.0.11. Avoid using inline comments in .env files. Manually sanitize loaded values as a temporary workaround.