The email channel authorizes senders based on the parsed From header identity only. If upstream email authentication/enforcement is weak (for example, relaxed SPF/DKIM/DMARC handling), an attacker can spoof an allowlisted sender address and have the message treated as trusted input.
Relevant code paths:
src/channels/email_channel.rs:311 extracts sender identity from parsed message headers:let from = parsed.from() ... a.address() ...src/channels/email_channel.rs:328 authorizes using that from value:if !self.is_sender_allowed(&from) { ... }src/channels/email_channel.rs:87 onward (is_sender_allowed) performs allowlist/domain matching against the same header-derived value.Result:
- Trust decision is based on a potentially spoofable header field unless mailbox/provider-side anti-spoofing controls are strong and enforced.
channels.email.enabled = truechannels.email.allowed_senders = ["[email protected]"]channels.email.deny_by_default = truepython - <<'PY'
import smtplib
from email.message import EmailMessage
msg = EmailMessage()
msg["From"] = "[email protected]" # forged trusted sender
msg["To"] = "[email protected]"
msg["Subject"] = "forged control message"
msg.set_content("FORGED EMAIL CONTENT")
# Example test SMTP endpoint
with smtplib.SMTP("127.0.0.1", 25) as s:
s.send_message(msg)
PY
[email protected] and published as inbound channel input.From headers may bypass logical sender allowlist.Add a sender-authentication gate in src/channels/email_channel.rs immediately after parsing from (src/channels/email_channel.rs:311) and before allowlist enforcement (src/channels/email_channel.rs:328). The gate should require trusted SPF/DKIM/DMARC evidence with domain alignment (for example, DMARC=pass, or aligned SPF/DKIM pass) before is_sender_allowed is evaluated. For backward compatibility, add a configurable mode in EmailConfig (for example, sender_verification_mode), but recommend hardened settings in production: dmarc_aligned, exact-address allowlists, and deny_by_default=true.
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 6.5 | 3.1 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-4cm8-xpfv-jv6f ↗ |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| rust | zeptoclaw | <= 0.7.5 | 0.7.6 | — |