Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export.
puppet puppet enterprise