
Finn

Researcher from secfault-security.com
#28606 of 53,622
9 Total CVSS
Vulnerabilities · 1
PT-2024-25803
9
2024-05-07
Deno · Deno · CVE-2024-34346
**Name of the Vulnerable Software and Affected Versions**

Deno versions prior to 1.43

**Description**

The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading `/proc/self/environ` may provide access equivalent to `--allow-env`, and writing `/proc/self/mem` may provide access equivalent to `--allow-all`. Users who grant read and write access to the entire filesystem may not realize that these accesses to these files may have additional, unintended consequences.

**Recommendations**

For Deno versions prior to 1.43, consider adding explicit deny flags to restrict access to sensitive files, such as `--deny-read=/dev`, `--deny-read=/sys`, `--deny-read=/proc`, `--deny-read=/etc`, `--deny-write=/dev`, `--deny-write=/sys`, `--deny-write=/proc`, and `--deny-write=/etc`. Note that symlinks in allowed locations may defeat this protection in earlier versions of Deno.

For Deno 1.43 and above, ensure explicit `--allow-all` access is required to read or write `/etc` and `/dev` on Unix platforms, as well as `/proc` and `/sys` on Linux platforms, and any path starting with `` on Windows.