CSV-Safe gem < 3.0.0 doesn't filter out special characters which could trigger CSV Injection.