CISA Thorium uses .unwrap() to handle errors related to account verification email messages. An unauthenticated remote attacker could cause a crash by providing a specially crafted email address or response. Fixed in commit 6a65a27.
An exception is thrown from a function, but it is not caught.