{"id":"PYSEC-2026-693","summary":"Open Redirect in CPython that affects users of OpenStack Nova","details":"A vulnerability was found in CPython which is used by openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.","aliases":["CVE-2021-3654","GHSA-vqp6-j452-j6wp"],"modified":"2026-07-06T08:00:11.935357202Z","published":"2026-07-02T14:13:15.447305Z","references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3654"},{"type":"WEB","url":"https://bugs.launchpad.net/nova/+bug/1927677"},{"type":"WEB","url":"https://bugs.python.org/issue32084"},{"type":"WEB","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1961439"},{"type":"PACKAGE","url":"https://opendev.org/openstack/nova"},{"type":"WEB","url":"https://opendev.org/openstack/nova/commit/04d48527b62a35d912f93bc75613a6cca606df66"},{"type":"WEB","url":"https://opendev.org/openstack/nova/commit/8906552cfc2525a44251d4cf313ece61e57251eb"},{"type":"WEB","url":"https://security.gentoo.org/glsa/202305-02"},{"type":"WEB","url":"https://security.openstack.org/ossa/OSSA-2021-002.html"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2021/07/29/2"},{"type":"PACKAGE","url":"https://pypi.org/project/nova"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-vqp6-j452-j6wp"}],"affected":[{"package":{"name":"nova","ecosystem":"PyPI","purl":"pkg:pypi/nova"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"21.2.3"},{"introduced":"22.0.0"},{"fixed":"22.2.3"},{"introduced":"23.0.0"},{"fixed":"23.0.3"}]}],"versions":["15.1.5","16.1.6","16.1.7","16.1.8","17.0.10","17.0.11","17.0.12","17.0.13","17.0.7","17.0.8","17.0.9","18.0.2","18.0.3","18.1.0","18.2.0","18.2.1","18.2.2","18.2.3","18.3.0","19.0.0","19.0.0.0rc1","19.0.0.0rc2","19.0.1","19.0.2","19.0.3","19.1.0","19.2.0","19.3.0","19.3.1","19.3.2","20.0.0","20.0.0.0rc1","20.0.0.0rc2","20.0.1","20.1.0","20.1.1","20.2.0","20.3.0","20.4.0","20.4.1","20.5.0","20.6.0","20.6.1","21.0.0","21.0.0.0rc1","21.0.0.0rc2","21.1.0","21.1.1","21.1.2","21.2.0","21.2.1","21.2.2","22.0.0","22.0.1","22.1.0","22.2.0","22.2.1","22.2.2","23.0.0","23.0.1","23.0.2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/nova/PYSEC-2026-693.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}