Nayeemrmn

**Name of the Vulnerable Software and Affected Versions** Deno versions 1.41.3 through 2.1.12 Deno versions 1.41.3 through 2.2.12 Deno versions 1.41.3 through 2.3.1 **Description** The issue affects Deno, a JavaScript, TypeScript, and WebAssembly runtime, where the `--deny-*` flag is not prioritized over the `--allow-*` flag. This results in allowed access even when 'deny' should be stronger. The issue only affects a specific combination of flags and is not expected to have a significant impact on users. **Recommendations** For Deno versions 1.41.3 through 2.1.12, upgrade to version 2.1.13 to receive a patch. For Deno versions 1.41.3 through 2.2.12, upgrade to version 2.2.13 to receive a patch. For Deno versions 1.41.3 through 2.3.1, upgrade to version 2.3.2 to receive a patch.

**Name of the Vulnerable Software and Affected Versions** Deno versions 1.5.0 through 1.10.1 **Description** The issue concerns modules dynamically imported through `import()` or `new Worker` that might bypass network and file system permission checks when statically importing other modules. An attacker in control of a module in a program's module graph could initiate GET requests to arbitrary URLs and possibly read the contents of these resources, or check for existence of arbitrary paths on the file system and possibly read the contents of these files. This vulnerability was not present in releases prior to 1.5.0 and was not abused in the wild, as indicated by the lack of reports and the default behavior of Deno printing a "Download" message when remote imports are downloaded. **Recommendations** For Deno versions 1.5.0 through 1.10.1, upgrade to Deno release 1.10.2 by running the `deno upgrade` command to patch the vulnerability. At the moment, there is no workaround for this issue other than upgrading to the patched version.