Mike Holloway

**Name of the Vulnerable Software and Affected Versions** libsoup versions prior to 2.35.4 libsoup2.4 (affected versions not specified) libsoup-debuginfo-2.28.2 libsoup-devel-2.28.2 libsoup-2.28.2 **Description** The issue allows remote attackers to exploit a directory traversal vulnerability in the `soup-uri.c` file of the `SoupServer` in `libsoup`, potentially leading to unauthorized access to arbitrary files via a `%2e%2e` (encoded dot dot) in a URI. This could result in a breach of confidentiality of protected information. The vulnerability can be exploited remotely. **Recommendations** For versions prior to 2.35.4, update to version 2.35.4 or later to resolve the issue. For libsoup2.4, no specific fix is provided, but ensuring the software is updated to the latest version may help mitigate the risk. For libsoup-debuginfo-2.28.2, libsoup-devel-2.28.2, and libsoup-2.28.2, consider restricting access to the `soup-uri.c` file and the `SoupServer` until a patch is available. As a temporary workaround, consider disabling the `SoupServer` functionality until a patch is available.