
Siudin

#30716 of 53,630
8.5 Total CVSS
Vulnerabilities · 1
PT-2020-13978
8.5
2020-08-13
Librepo · Librepo · CVE-2020-14352
**Name of the Vulnerable Software and Affected Versions**

librepo versions prior to 1.12.1

**Description**

A directory traversal issue was found in librepo where it failed to sanitize paths in remote repository metadata. This could allow an attacker controlling a remote repository to copy files outside of the destination directory on the targeted system via path traversal, potentially resulting in system compromise by overwriting critical system files. The highest threat is to users who use untrusted third-party repositories.

**Recommendations**

For versions prior to 1.12.1, update to version 1.12.1 or later to resolve the issue. As a temporary workaround, consider avoiding the use of untrusted third-party repositories until the update is applied.