Yea, I was wondering about that; but the risk feels similar to a browser RCE to me. Maybe it's higher because browsers are more widely used/analyzed; but then again, a browser RCE has a much wider range of targets with more opportunities to exploit
Even just having the potential for the terminal to interpret escape codes is frustrating. Always pipe remote output to `less` or `less -R` (not `less -r`).
dundarious|4 years ago