[MEDIUM] Carbon has an arbitrary file include via unvalidated input passed to Carbon::setLocale

PKSA-csyb-yc4p-mnbs CVE-2025-22145 GHSA-j3f9-p6hm-5w6q

Affected package: nesbot/carbon

Affected version: <2.72.6|>=3.0.0,<3.8.4

Reported by:
GitHub