Workflow

PyPi: Requests-Doh

CVE-2023-29483

Transitive

Safety vulnerability ID: 73107

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Apr 11, 2024 Updated at Jun 26, 2025
Scan your Python projects for vulnerabilities →

Advisory

[This advisory has been limited. Please create a free account to view the full advisory.]

Affected package

requests-doh

Latest version: 1.0.0

DNS over HTTPS resolver for python requests

Affected versions

[This affected versions has been limited. Please create a free account to view the full affected versions.]

Fixed versions

[This fixed versions has been limited. Please create a free account to view the full fixed versions.]

Vulnerability changelog

In summary, this update introduce some breaking changes to resolver session and update library dependencies.

Breaking changes

Now function `requests_doh.resolver.set_resolver_session` only accept `httpx.Client` rather than `requests.Client`.
This is because [dnspython changes](https://dnspython.readthedocs.io/en/stable/whatsnew.html#id6) makes it no longer
accepting `requests.Client`

And `requests_doh.resolver.get_resolver_session` are now returning `httpx.Client` rather than `requests.Client`

Dependencies

- Bump requests from v2.31.0 to v2.32.3 due to [CVE-2024-35195](https://github.com/advisories/GHSA-9wx4-h78v-vm56)
- Bump dnspython from v2.3.0 to v2.6.1 due to [CVE-2023-29483](https://github.com/advisories/GHSA-3rq5-2g8h-59hc)

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application