The application or its caching infrastructure can be manipulated into storing and serving malicious content: cache entries are poisoned through unkeyed request headers or parameters, that is, inputs that influence the response but are not part of the cache key.
An attacker could serve malicious content to all users requesting the poisoned resource, enabling widespread XSS, redirects to phishing sites, or denial of service.
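Carefully review which headers and parameters are used as cache keys, and confirm that every input able to change the response is included. Strip unrecognized headers before caching. Use Vary headers correctly, naming each request header the response depends on. Implement cache key normalization and validation.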
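One way to apply the header stripping, Vary and key normalization advice above, as an added example that is not part of the original text. The host, parameter and header allowlists, the function names and the sample requests in the test are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl, urlencode

# Assumed for this sketch: the only inputs the origin reads when building a response.
ALLOWED_HOSTS = {"shop.example"}
KEYED_PARAMS = {"id", "lang"}
KEYED_HEADERS = ("accept-encoding", "accept-language")  # keyed and listed in Vary
FORWARD_ONLY = {"user-agent"}  # forwarded, assumed not to change the response

def normalize_request(method, url, headers):
    """Return (cache_key, origin_url, origin_headers), or None if uncacheable.

    The origin request is built from the same normalized inputs as the key,
    so no unkeyed value can shape the response that gets stored.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if method != "GET" or host not in ALLOWED_HOSTS:
        return None  # validation: unknown host or method bypasses the cache
    # Keep recognized parameters only; sort so ordering cannot alias keys.
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k in KEYED_PARAMS]
    if len({k for k, _ in kept}) != len(kept):
        return None  # duplicated parameters may parse differently per layer
    query = urlencode(sorted(kept))
    # Lowercase header names and drop everything not explicitly recognized.
    lowered = {k.lower(): v.strip() for k, v in headers.items()}
    origin_headers = {k: v for k, v in lowered.items()
                      if k in KEYED_HEADERS or k in FORWARD_ONLY}
    origin_headers["host"] = host
    keyed = "|".join(f"{h}={lowered.get(h, '')}" for h in KEYED_HEADERS)
    # Assumption: the site is served over HTTPS only.
    origin_url = f"https://{host}{parts.path or '/'}" + (f"?{query}" if query else "")
    return f"GET {origin_url} {keyed}", origin_url, origin_headers

def vary_header():
    """Vary value to set on cached responses, derived from the keyed headers."""
    return ", ".join(h.title() for h in KEYED_HEADERS)
```

Deriving the origin request from the normalized values is the step that matters: dropping a header from the key alone, while still forwarding it, is exactly what leaves it unkeyed.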