bottle is vulnerable to HTTP request smuggling. An attacker is able to send a malicious request containing a separate query parameter using a semicolon (;), resulting in unexpected interpretations of the request between the proxy and the server, and potentially poisoning the web cache.