CVE-2022-2112
Improper Neutralization of Formula Elements in a CSV File in inventree/inventree
In short
A vulnerability in InvenTree allows an attacker who can enter data that is later exported (an account with ordinary write access is enough, as the CVSS vector's PR:L indicates) to plant spreadsheet formulas that are written verbatim into CSV exports. When a user opens such an export in Excel, LibreOffice Calc or a similar application, the formula is evaluated rather than shown as text. Depending on the client and its security settings this ranges from data exfiltration via external links to arbitrary code execution on the user's computer.
Technical detail
The application fails to neutralize formula elements when generating CSV exports: cell values beginning with =, +, -, @ (and, in some clients, a tab or carriage return that the application strips before interpreting the cell) are written unchanged, which enables CSV injection (CWE-1236). An attacker with the ability to influence data in the system can store a value such as a formula in a field that is later exported; when the resulting file is opened, the spreadsheet client evaluates the formula, potentially resulting in code execution depending on the application's security settings. The classic mitigation is to prefix such cells with a single quote (or otherwise escape them) so that the client treats them as literal text, while still quoting the field according to the CSV grammar.
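The following is an added example, not InvenTree's own code and not the fix shipped in 0.7.2, showing the vulnerable export path next to a hardened one. It assumes a Django-style export that serializes rows of user-controlled fields with Python's standard csv module; the function names (sanitize_csv_cell, export_rows, is_formula_cell, first_column) and the sample rows are constructed for illustration.

```python
import csv
import io

# Characters that spreadsheet applications treat as the start of a formula
# when they appear first in a cell. Tab and carriage return are included
# because some clients strip them before interpreting the cell.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def sanitize_csv_cell(value):
    """Neutralize formula elements in a single cell value (hardened form).

    Non-string values (ints, floats, None) are passed through unchanged, so
    a genuine negative quantity is not mangled. A string whose first
    non-whitespace character is a formula trigger is prefixed with a single
    quote, which spreadsheet clients interpret as "treat this cell as text".
    Quoting of embedded delimiters and quote characters is left to csv.writer.
    """
    if not isinstance(value, str):
        return value
    stripped = value.lstrip()
    if stripped and stripped[0] in FORMULA_TRIGGERS:
        return "'" + value
    return value


def export_rows(rows, sanitize=True):
    """Serialize rows to CSV text.

    sanitize=False reproduces the vulnerable behaviour (user data written
    verbatim); sanitize=True applies sanitize_csv_cell to every cell.
    """
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_MINIMAL, lineterminator="\n")
    for row in rows:
        if sanitize:
            row = [sanitize_csv_cell(cell) for cell in row]
        writer.writerow(row)
    return buf.getvalue()


def is_formula_cell(cell):
    """Check whether a parsed cell value would be evaluated as a formula."""
    stripped = cell.lstrip()
    return bool(stripped) and stripped[0] in FORMULA_TRIGGERS


def first_column(csv_text):
    """Parse CSV text back and return the values of the first column."""
    return [row[0] for row in csv.reader(io.StringIO(csv_text))]


# Constructed sample: a part list where the name field was filled in by a
# low-privileged user. The first data row carries a formula payload; the
# others are legitimate names that happen to start with trigger characters.
SAMPLE_ROWS = [
    ["part_name", "quantity"],
    ['=HYPERLINK("http://example.invalid/","click")', 3],
    ["-5 ohm resistor", 10],
    ["  +12V regulator", -7],
    ["Normal part", 1],
]


def audit_export(csv_text):
    """Return the first-column cells of an export that a client would evaluate."""
    return [cell for cell in first_column(csv_text) if is_formula_cell(cell)]


if __name__ == "__main__":
    print("vulnerable export flags:", audit_export(export_rows(SAMPLE_ROWS, sanitize=False)))
    print("hardened export flags:  ", audit_export(export_rows(SAMPLE_ROWS, sanitize=True)))
```

The audit helper is the check a reviewer can run over any CSV the application produces: parse the file back with a real CSV reader and flag cells whose first non-whitespace character is a trigger. Note the trade-off in the hardened form: legitimate text that starts with - or + (the resistor and regulator names above) also gets the leading quote, so the export is no longer byte-identical to the stored data; numeric columns are unaffected because non-string values are not touched.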
Summary generated and translated by AI from the official description.
Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2.
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Affected products
inventree · inventree/inventree