Earlier versions of flatpak exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.