id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
37101	Vary header cache key collision from missing delimiter	Jake Howard		"When a cached view varies on multiple headers, the values of those headers are concatenated together in the cache key. There is no delimiter, meaning the cache keys could overlap:

{{{
   X-Region: US
   X-Tenant: victim-corp
}}}

{{{
   X-Region: U
   X-Tenant: Svictim-corp
}}}

The above two examples would result in the same cache key, despite having different values. The cache key should be changed to ensure that values like these don't collide.

----

This was previously reported to the Security Team by GeonHa. However, because it requires in-depth knowledge of the system, a lack of user validation and similar values, it is not considered a vulnerability."	Bug	new	Core (Cache system)	6.0	Normal				Accepted	0	0	0	0	0	0
