{"id":"CVE-2022-45639","details":"OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter. NOTE: third parties have disputed this because there is no analysis showing that the backtick command executes outside the context of the user account that entered the command line.","modified":"2026-04-10T04:52:29.724829Z","published":"2023-01-24T02:15:09.817Z","references":[{"type":"WEB","url":"http://packetstormsecurity.com/files/171649/Sleuthkit-4.11.1-Command-Injection.html"},{"type":"WEB","url":"https://www.binaryworld.it/guidepoc.asp#CVE-2022-45639"},{"type":"EVIDENCE","url":"http://www.binaryworld.it/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sleuthkit/sleuthkit","events":[{"introduced":"0"},{"last_affected":"16f14f39bc1c22da823e1fa53ca451da808244f5"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.11.1"}]}}],"versions":["sleuthkit-4.0.2","sleuthkit-4.11.1","sleuthkit-4.6.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-45639.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}