CVE-2025-58759: TinyEnv: Inline comments not stripped properly in .env values
TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters (including # or comment text). Applications depending on strict environment values may expose logic errors, insecure defaults, or failed authentication.
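The audit below is an added example, not TinyEnv's code or part of the advisory: it lists the keys in a .env file whose value changes depending on whether inline comments are stripped, which are the entries to review on an affected version. It assumes the common dotenv convention (a `#` at the start of an unquoted value or after whitespace begins a comment, quotes protect `#`); the sample file and the function names `naive_value`, `strict_value` and `audit` are constructed for illustration.

```python
import re

# Constructed sample .env content (not taken from the advisory).
SAMPLE_ENV = """\
# full-line comment
APP_DEBUG=false # disable in production
API_TOKEN="abc#123" # quoted, hash is literal
DB_PASS=s3cret#notacomment
TIMEOUT=30
"""

_LINE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")

def naive_value(raw):
    """Bug class from the advisory: everything after '=' is kept as the value."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == raw[-1] and raw[0] in "\"'":
        return raw[1:-1]  # only a fully quoted value is unquoted
    return raw

def strict_value(raw):
    """Assumed convention: quotes protect '#'; otherwise whitespace + '#' starts a comment."""
    raw = raw.strip()
    if raw[:1] in ('"', "'"):
        end = raw.find(raw[0], 1)
        if end != -1:
            return raw[1:end]  # text after the closing quote is dropped
    return re.split(r"(?:^|\s+)#", raw, maxsplit=1)[0].rstrip()

def audit(text):
    """Return {key: (naive, strict)} for keys whose value depends on comment handling."""
    findings = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue  # blank lines and full-line comments
        key, raw = m.groups()
        n, s = naive_value(raw), strict_value(raw)
        if n != s:
            findings[key] = (n, s)
    return findings

if __name__ == "__main__":
    for key, (n, s) in audit(SAMPLE_ENV).items():
        print(f"{key}: without stripping={n!r} with stripping={s!r}")
```

A flagged key such as `APP_DEBUG` is where a strict comparison against `false` would fail and a non-empty string could be read as enabled; moving the comment to its own line removes the ambiguity regardless of parser version.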