by omoikane 754 days ago
Would it help if SSH clients don't pass the TERM variable to identify that the current terminal is capable of handling "\e]8"? I assume TERM is how the remote application knows that this exploit is available.

I also assume that this vulnerability is meant for remote apps accessed via SSH or similar, since a compromised app that is executed locally probably has easier exploits (they might just run calculator or whatever directly without going through escape sequences, for example).

2 comments

AFAIK, the remote applications simply do an isatty() check on the stdout and that's it; a proper terminal is then apparently expected to correctly skip and quietly ignore any OSC sequence it does not understand. See the source of ls [0], for example.

[0] https://github.com/coreutils/coreutils/blob/2a72cf1e9959f40b...

You don't need a "compromised app" if the escape codes are in a file you cat.
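
Added example, not part of the thread: since the application side only checks isatty() and the escape codes can come from a file that gets cat'ed, a viewer for untrusted files can strip OSC sequences itself and report the OSC 8 link targets it removed. The names `sanitize`, `OSC_RE` and `SAMPLE` are hypothetical, and the sample bytes are constructed.

```python
import re

# OSC = ESC ] payload, terminated by BEL (0x07) or ST (ESC \).
# The payload class excludes ESC and BEL so a match cannot run past its terminator.
OSC_RE = re.compile(rb"\x1b\]([^\x07\x1b]*)(?:\x07|\x1b\\)")

# Constructed sample: two OSC 8 hyperlinks (ST- and BEL-terminated) and one
# unterminated sequence at the end of the data.
SAMPLE = (
    b"see \x1b]8;;https://example.invalid/x\x1b\\README\x1b]8;;\x1b\\"
    b" and \x1b]8;;file:///tmp/a\x07notes\x1b]8;;\x07"
    b" \x1b]8;;trunc"
)


def sanitize(data: bytes):
    """Return (safe_bytes, hyperlink_targets) for untrusted file content."""
    targets = []

    def drop(match):
        payload = match.group(1)
        # An OSC 8 payload is "8;params;URI"; an empty URI closes the link.
        if payload.startswith(b"8;"):
            parts = payload.split(b";", 2)
            if len(parts) == 3 and parts[2]:
                targets.append(parts[2].decode("utf-8", "replace"))
        return b""  # remove the whole sequence, keep the visible link text

    cleaned = OSC_RE.sub(drop, data)
    # Any ESC still present (unterminated OSC, CSI, ...) is made visible,
    # in the style of `cat -v`, instead of reaching the terminal raw.
    cleaned = cleaned.replace(b"\x1b", b"^[")
    return cleaned, targets


if __name__ == "__main__":
    text, links = sanitize(SAMPLE)
    print(text.decode("ascii"))
    for uri in links:
        print("removed hyperlink target:", uri)
```

This also removes colour and cursor sequences, which is the intended trade-off when the content is untrusted.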