PyPi: Requests-Doh

CVE-2023-29483

Transitive

Safety vulnerability ID: 73107

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Apr 11, 2024 Updated at Sep 08, 2024
Scan your Python projects for vulnerabilities →

Advisory

Requests-doh 1.0.0 updates its dependency 'dnspython' to v2.6.1 to include a security fix.

Affected package

requests-doh

Latest version: 1.0.0

DNS over HTTPS resolver for python requests

Affected versions

Fixed versions

Vulnerability changelog

In summary, this update introduce some breaking changes to resolver session and update library dependencies.

Breaking changes

Now function `requests_doh.resolver.set_resolver_session` only accept `httpx.Client` rather than `requests.Client`.
This is because [dnspython changes](https://dnspython.readthedocs.io/en/stable/whatsnew.html#id6) makes it no longer
accepting `requests.Client`

And `requests_doh.resolver.get_resolver_session` are now returning `httpx.Client` rather than `requests.Client`

Dependencies

- Bump requests from v2.31.0 to v2.32.3 due to [CVE-2024-35195](https://github.com/advisories/GHSA-9wx4-h78v-vm56)
- Bump dnspython from v2.3.0 to v2.6.1 due to [CVE-2023-29483](https://github.com/advisories/GHSA-3rq5-2g8h-59hc)

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application