Multiple Python versions in Foreman - Security Vulnerabilities

Problem:

We see multiple versions of Python installed by the Foreman application on RHEL.

Some of the packages in these Python versions have been flagged for high-severity security vulnerabilities.
For example:
Python Library Brotli <= 1.1.0 DoS

Is there a way to find out all the Python versions used by Foreman, so we can uninstall the Python versions that are not used?

Python versions:

3.9

3.11

3.12

Expected outcome:

No multiple Python versions in Foreman

Foreman and Proxy versions:

foreman-3.18.0-0.5.rc2.el9.noarch

foreman-proxy-3.18.0-0.1.rc2.el9.noarch

Foreman and Proxy plugin versions:

foreman-tasks, 11.1.0

foreman_remote_execution, 16.5.1

katello, 4.20.0

Distribution and version:

Red Hat Enterprise Linux release 9.7 (Plow)

Other relevant data:

Hi there!

Actually, multiple versions are in use right now; 3.9 is basically the system Python of RHEL 9.

And then Pulpcore was using 3.11 until version 3.63; since version 3.73 it's using 3.12.
As for Ansible, if you have that installed, it is also using 3.12.

So yeah, not sure what exactly is still using python3.11, or if anything; at least I can't say with confidence that you can just remove it.

Anyways, about the question of the vulnerable python brotli version:
Could it be that your system is outdated? (Because I also see that you are mentioning rc builds of Foreman.)
As far as I can see, this issue got fixed by RHSA-2026:2042, aka python3.12-brotli-1.0.9-9.

See also: Question about python3.11 packages in Foreman/Katello 3.16/4.18 - #2 by quba42

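One way to answer the original question on the host itself, as an added example that is not from this thread or from the Foreman project: walk the RPM database, record which installed packages provide or require each `python(abi)` version, and separate consumers inside the interpreter's own stack from external ones. The `rpm --qf` query format in the docstring and the `CORE_SUFFIXES` list are assumptions to verify on your system; the sample input is constructed.

```python
import sys
from collections import defaultdict

ABI = "python(abi)"
# Subpackages of the interpreter itself (assumed list): alone, they are no evidence of external use.
CORE_SUFFIXES = ("", "-libs", "-devel", "-pip", "-setuptools", "-wheel", "-tkinter", "-idle", "-test")


def parse_abi_graph(lines):
    r"""Map each python(abi) version to its providers and to the packages requiring it.
    Each line is NAME<TAB>P|R<TAB>CAPABILITY<TAB>VERSION, e.g. produced by (assumed query format,
    check tag names with `rpm --querytags`):
      rpm -qa --qf '[%{=NAME}\tP\t%{PROVIDENAME}\t%{PROVIDEVERSION}\n][%{=NAME}\tR\t%{REQUIRENAME}\t%{REQUIREVERSION}\n]'
    """
    graph = defaultdict(lambda: {"providers": set(), "stack": set(), "external": set()})
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) != 4 or parts[2] != ABI or not parts[3]:
            continue  # not a python(abi) edge, or a malformed line
        name, kind, _, ver = parts
        if kind == "P":
            graph[ver]["providers"].add(name)
        elif kind == "R":
            # RHEL 9 parallel stacks are named python3.X-<module> (cf. python3.12-brotli); the 3.9
            # system stack uses plain python3-<module>, which deliberately lands in "external".
            in_stack = name == f"python{ver}" or name.startswith(f"python{ver}-")
            graph[ver]["stack" if in_stack else "external"].add(name)
    return dict(graph)


def removal_candidates(graph):
    """ABI versions with no external consumer and only core interpreter subpackages installed."""
    return sorted(
        ver for ver, e in graph.items()
        if not e["external"] and e["stack"] <= {f"python{ver}{s}" for s in CORE_SUFFIXES}
    )


SAMPLE = [  # constructed input in the format above, not output from the poster's host
    "python3-libs\tP\tpython(abi)\t3.9",
    "python3-dnf\tR\tpython(abi)\t3.9",
    "python3.11-libs\tP\tpython(abi)\t3.11",
    "python3.11\tR\tpython(abi)\t3.11",
    "python3.12-libs\tP\tpython(abi)\t3.12",
    "python3.12-pulpcore\tR\tpython(abi)\t3.12",
    "ansible-core\tR\tpython(abi)\t3.12",
    "foreman\tR\trubygem(rails)\t",
]

if __name__ == "__main__":
    graph = parse_abi_graph(SAMPLE if sys.stdin.isatty() else sys.stdin)
    for ver, e in sorted(graph.items()):
        print(f"python(abi) {ver}: stack={sorted(e['stack'])} external={sorted(e['external'])}")
    print("no external consumers, core-only stack:", removal_candidates(graph))
```

Pipe the real `rpm -qa --qf ...` output into the script to see, per interpreter, which packages still depend on it; a version listed as a candidate still deserves a manual look at its stack packages before anything is removed.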