This code is vulnerable to multiple security vulnerabilities:
- The token generation algorithm is SHA-1 which is known to collision attacks and is not a best practice to use it.
- There is a possibility of account takeover based on the actual implementation as an attacker may attempt to inject emails to get it routed to attacker email along with victim email.
- This also looks vulnerable to Host Header Injection attack.
Twitter Thread: https://twitter.com/harshbothra_/status/1496668703181651972