alt Hacker NewsJavaScript has to escape the browser sandbox, does telnet have a similar sandbox? Or can it access the system directly?
I don't know the answer but if telnet can directly access the system that seems more dangerous irrespective of the attack surface.
Telnet is "sandboxed" in that it can only output characters to your tty, however that in itself is quite a powerful primitive.
The ANSI control characters wield power of a huge stack of not very robust code
https://nvd.nist.gov/vuln/detail/CVE-2024-56803