Bundled Python version has multiple vulnerabilities

[glnbrns]

Describe the bug

Release 2.49 installed on Windows with Python.exe version 3.10.10 which has the below 3 vulnerabilities.

CVE-2023-0464 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0464
CVE-2023-0466 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0466
CVE-2023-24329 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24329

Related command

az --version

Listed Python version has multiple vulnerabilities

Errors

No error in output. SDK update required.

Issue script & Debug output

No Issue in script . SDK update required.

Expected behavior

The SDK should include the latest python version 3.10.12 which addresses these issues.

https://www.python.org/downloads/release/python-31012/

Environment Summary

azure-cli 2.49.0

core 2.49.0
telemetry 1.0.8

Dependencies:
msal 1.20.0
azure-mgmt-resource 22.0.0

Python location 'C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\python.exe'
Extensions directory 'C:\Users\gbarnes1.azure\cliextensions'

Python (Windows) 3.10.10 (tags/v3.10.10:aad5f6a, Feb 7 2023, 17:05:00) [MSC v.1929 32 bit (Intel)]

Legal docs and information: aka.ms/AzureCliLegal

Additional context

No response

[yonzhan]

Thank you for opening this issue, we will look into it.

[bebound]

There CVEs are fixed in 3.10.12. Howerver, Python 3.10 is now in the "security fixes only" stage of its life cycle and but Python 3.10.11 was the last full bugfix release of Python 3.10 with binary installers. We can not easily bump to 3.10.12.

I'll try to bump bundled Python to 3.11. Tracked by #24494

Ref: https://www.python.org/downloads/release/python-31012/