GitLab: CSV injection in gitlab.com via issues export feature.

Dear GitLab bug bounty team, Summary --- GitLab allows users to export issues as a .csv file. By injecting a payload into an issue title an attacker could exfiltrate data or execute code on the target machine. For instance, by naming an issue =cmd|' /C calc'!A0 I am able to open up calc.exe on...