Email address can be matched to an account

PKSA-5bhv-mh89-c2dq CVE-2016-3170

Affected package: drupal/drupal

Affected version: >=8.0,<8.0.4

Reported by:
FriendsOfPHP/security-advisories