By submitting a suitably crafted email address making use of Unicode characters, that compared equal to an existing user email when lower-cased for comparison, an attacker could be sent a password reset token for the matched account.changed the description 4 times within 10 minutes changed the descriptionmade the issue visible to everyone