Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9.

Embedding untrusted input inside CSV files leads to Formula Injection/CSV Injection