Mautic versions before 2.13.0 had a vulnerability that allowed a CSV injection with exported contact lists - https://www.owasp.org/index.php/CSV_Injection.
Update to 2.13.0 or later.
None.
If you have any questions or comments about this advisory: