This was reported and fixed upstream [1] and at the time, only python >= 3.10.6 was affected and fixed. The fix has since been backported to older versions of python, so we need to backport the fix for [1]. [1] https://bugs.launchpad.net/nova/+bug/1986545 [2] https://python-security.readthedocs.io/vuln/http-server-redirection.html
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Release of components for Red Hat OpenStack Platform 17.1 (Wallaby)), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2023:4577