A web cache poisoning vulnerability was discovered on Shopify's CDN domains where cache servers treated backslashes and forward slashes as equivalent while origin servers returned 404 errors for paths with backslashes. This discrepancy allowed an attacker to send requests with backslashes instead o…