
Giuseppe Granato

#32615 of 53,638
7.8 CVSS total
Vulnerabilities · 1
PT-2023-14727
7.8
2023-01-24
Sleuth Kit · Sleuthkit · CVE-2022-45639
**Name of the Vulnerable Software and Affected Versions**

sleuthkit fls tool version 4.11.1

**Description**

The issue allows attackers to execute arbitrary commands via a crafted value to the `m` parameter. This is an OS Command injection vulnerability. Note that there is a dispute regarding the impact of this issue, as some parties claim that the backtick command does not execute outside the context of the user account that entered the command line.

**Recommendations**

For sleuthkit fls tool version 4.11.1, consider restricting the use of the `m` parameter to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using crafted values for the `m` parameter. At the moment, there is no information about a newer version that contains a fix for this vulnerability.