CVSS Score: -

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| nova | pip | < 12.0.0a0 | 12.0.0a0 |
The vulnerability stemmed from inefficient handling of security group rule updates. The vulnerable code was in firewall.py, where network info was retrieved through a live RPC call (network.API().get_instance_nw_info()) for every instance in each referenced security group, so the amount of work scaled quadratically. The patch replaced these live network API calls with cached data (compute_utils.get_nw_info_for_instance()), explicitly addressing the quadratic scaling issue. The database query in sqlalchemy/api.py was also modified to preload info_cache, but the primary vulnerability resided in the firewall rule processing logic, which issued an excessive number of network API requests.