It's possible to inject code into the cache to be executed by another user on the first run of application.
vulners.com/securityvulns/securityvulns:doc:9716