Injection of escape sequences opens up the possibility for concealing / modifying viewed data, and code execution (as some esc seqs feed data back to stdin).
So far, the places I managed to find a successful injection are:
id
from the file name_
in visual mode)In the poc it is demonstrated by a change in color.
radare2 5.8.1 29949 @ linux-x86-64 git.5.8.0-65-g1100e12169
commit: 1100e12169dbdbe10081d4094129a5247738ecb1
tested in gnome-terminal