Packagist (Composer) package
nesbot/carbon
pkg:composer/nesbot/carbon
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-22145 | Med | — | >= 3.0.0, < 3.8.4 | 3.8.4 | Jan 8, 2025 | Carbon is an international PHP extension for DateTime. Application passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include, if the application allows users to upload files with .php extension in an folder that allows include or require to read it |
- affected >= 3.0.0, < 3.8.4fixed 3.8.4
Carbon is an international PHP extension for DateTime. Application passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include, if the application allows users to upload files with .php extension in an folder that allows include or require to read it