Final Changes - Adding Changelog + deprecated-node-mappings + ALL JSON Sorting + SCW

Author: abhinav-nain

CHANGELOG.md

@@ -12,6 +12,44 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this p
 
 ### Changed
 
+## [v1.16](https://github.com/bugcrowd/vulnerability-rating-taxonomy/compare/v1.15.1...v1.16) - 2025-06-23
+
+### Added
+
+- Broken Access Control (BAC) - Bypass of Password Confirmation - Change Password - P4
+- Sensitive Data Exposure - GraphQL Introspection Enabled - P5
+- AI Application Security - Training Data Poisoning - Backdoor Injection / Bias Manipulation - P1
+- AI Application Security - Model Extraction - API Query-Based Model Reconstruction - P1
+- AI Application Security - Sensitive Information Disclosure - Cross-Tenant PII Leakage/Exposure - P1
+- AI Application Security - Sensitive Information Disclosure - Key Leak - P1
+- AI Application Security - Remote Code Execution - Full System Compromise - P1
+- AI Application Security - Remote Code Execution - Sandboxed Container Code Execution  - P2
+- AI Application Security - Prompt Injection - System Prompt Leakage - P2
+- AI Application Security - Vector and Embedding Weaknesses - Embedding Exfiltration / Model Extraction - P2
+- AI Application Security - Vector and Embedding Weaknesses - Semantic Indexing - P3
+- AI Application Security - Denial-of-Service (DoS) - Application-Wide - P2
+- AI Application Security - AI Safety - Misinformation / Wrong Factual Data - P4
+- AI Application Security - Insufficient Rate Limiting - Query Flooding / API Token Abuse - P4
+- AI Application Security - Denial-of-Service (DoS) - Tenant-Scoped - P4
+- AI Application Security - Adversarial Example Injection - AI Misclassification Attacks - P4
+- AI Application Security - Improper Output Handling - Cross-Site Scripting (XSS) - P3
+- AI Application Security - Improper Output Handling - Markdown/HTML Injection  - P4
+- AI Application Security - Improper Input Handling - ANSI Escape Codes - P5
+- AI Application Security - Improper Input Handling - Unicode Confusables - P5
+- AI Application Security - Improper Input Handling - RTL Overrides - P5
+
+### Removed
+
+- AI Application Security - Large Language Model (LLM) Security - LLM Output Handling  - P1
+- AI Application Security - Large Language Model (LLM) Security - Prompt Injection  - P1
+- AI Application Security - Large Language Model (LLM) Security - Training Data Poisoning  - P1
+- AI Application Security - Large Language Model (LLM) Security - Excessive Agency/Permission Manipulation - P2
+
+### Other
+
+- Removed CVSS score for VRT entries with 'VARIES' priority, and added default CVSS (0 score) wherever missing.
+- Fixed 'deprecated-node-mapping.json' file to reflect the correct format and fill in missing values.
+
 ## [v1.15.1](https://github.com/bugcrowd/vulnerability-rating-taxonomy/compare/v1.15...v1.15.1) - 2025-03-11
 
 ### Added

deprecated-node-mapping.json

@@ -7,138 +7,138 @@
       "id": "ai_application_security",
       "children": [
         {
-          "id": "training_data_poisoning",
+          "id": "adversarial_example_injection",
           "children": [
             {
-              "id": "backdoor_injection_bias_manipulation",
-              "cvss_v3": "AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"
+              "id": "ai_misclassification_attacks",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L"
             }
           ]
         },
         {
-          "id": "model_extraction",
+          "id": "ai_safety",
           "children": [
             {
-              "id": "api_query_based_model_reconstruction",
-              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+              "id": "misinformation_wrong_factual_data",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N"
             }
           ]
         },
         {
-          "id": "sensitive_information_disclosure",
+          "id": "denial_of_service_dos",
           "children": [
             {
-              "id": "cross_tenant_pii_leakage_exposure",
-              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"
+              "id": "application_wide",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"
             },
             {
-              "id": "key_leak",
-              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+              "id": "tenant_scoped",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"
             }
           ]
         },
         {
-          "id": "remote_code_execution",
+          "id": "improper_input_handling",
           "children": [
             {
-              "id": "full_system_compromise",
-              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
+              "id": "ansi_escape_codes",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
             },
             {
-              "id": "sandboxed_container_code_execution",
-              "cvss_v3": "AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H"
+              "id": "rtl_overrides",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
+            },
+            {
+              "id": "unicode_confusables",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
             }
           ]
         },
         {
-          "id": "prompt_injection",
+          "id": "improper_output_handling",
           "children": [
             {
-              "id": "system_prompt_leakage",
-              "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"
+              "id": "cross_site_scripting_xss",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+            },
+            {
+              "id": "markdown_html_injection",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
             }
           ]
         },
         {
-          "id": "vector_and_embedding_weaknesses",
+          "id": "insufficient_rate_limiting",
           "children": [
             {
-              "id": "embedding_exfiltration_model_extraction",
-              "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"
-            },
-            {
-              "id": "semantic_indexing",
-              "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
+              "id": "query_flooding_api_token_abuse",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"
             }
           ]
         },
         {
-          "id": "denial_of_service_dos",
+          "id": "model_extraction",
           "children": [
             {
-              "id": "application_wide",
-              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"
-            },
-            {
-              "id": "tenant_scoped",
-              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"
+              "id": "api_query_based_model_reconstruction",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
             }
           ]
         },
         {
-          "id": "improper_output_handling",
+          "id": "prompt_injection",
           "children": [
             {
-              "id": "cross_site_scripting_xss",
-              "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
-            },
-            {
-              "id": "markdown_html_injection",
-              "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+              "id": "system_prompt_leakage",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"
             }
           ]
         },
         {
-          "id": "ai_safety",
+          "id": "remote_code_execution",
           "children": [
             {
-              "id": "misinformation_wrong_factual_data",
-              "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N"
+              "id": "full_system_compromise",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
+            },
+            {
+              "id": "sandboxed_container_code_execution",
+              "cvss_v3": "AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H"
             }
           ]
         },
         {
-          "id": "insufficient_rate_limiting",
+          "id": "sensitive_information_disclosure",
           "children": [
             {
-              "id": "query_flooding_api_token_abuse",
-              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"
+              "id": "cross_tenant_pii_leakage_exposure",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"
+            },
+            {
+              "id": "key_leak",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
             }
           ]
         },
         {
-          "id": "adversarial_example_injection",
+          "id": "training_data_poisoning",
           "children": [
             {
-              "id": "ai_misclassification_attacks",
-              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L"
+              "id": "backdoor_injection_bias_manipulation",
+              "cvss_v3": "AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"
             }
           ]
         },
         {
-          "id": "improper_input_handling",
+          "id": "vector_and_embedding_weaknesses",
           "children": [
             {
-              "id": "ansi_escape_codes",
-              "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
-            },
-            {
-              "id": "unicode_confusables",
-              "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
+              "id": "embedding_exfiltration_model_extraction",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"
             },
             {
-              "id": "rtl_overrides",
-              "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
+              "id": "semantic_indexing",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
             }
           ]
         }
@@ -348,6 +348,10 @@
     {
       "id": "broken_access_control",
       "children": [
+        {
+          "id": "bypass_of_password_confirmation",
+          "cvss_v3": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
+        },
         {
           "id": "exposed_sensitive_android_intent",
           "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
@@ -356,10 +360,6 @@
           "id": "exposed_sensitive_ios_url_scheme",
           "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
         },
-        {
-          "id": "bypass_of_password_confirmation",
-          "cvss_v3": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
-        },
         {
           "id": "privilege_escalation",
           "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
@@ -913,10 +913,6 @@
       "id": "sensitive_data_exposure",
       "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
       "children": [
-        {
-          "id": "graphql_introspection_enabled",
-          "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
-        },
         {
           "id": "disclosure_of_secrets",
           "children": [
@@ -947,6 +943,10 @@
             }
           ]
         },
+        {
+          "id": "graphql_introspection_enabled",
+          "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+        },
         {
           "id": "json_hijacking",
           "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N"

mappings/cvss_v3/cvss_v3.json

@@ -774,12 +774,6 @@
         "CWE-934"
       ],
       "children": [
-        {
-          "id": "graphql_introspection_enabled",
-          "cwe": [
-            "CWE-200"
-          ]
-        },
         {
           "id": "disclosure_of_known_public_information",
           "cwe": [
@@ -803,6 +797,12 @@
             "CWE-200"
           ]
         },
+        {
+          "id": "graphql_introspection_enabled",
+          "cwe": [
+            "CWE-200"
+          ]
+        },
         {
           "id": "non_sensitive_token_in_url",
           "cwe": [

mappings/cwe/cwe.json

@@ -1208,14 +1208,10 @@
         "https://www.cvedetails.com/vulnerability-list/opginf-1/gain-information.html"
       ],
       "children": [
-        {
-          "id": "graphql_introspection_enabled",
-          "remediation_advice": "Disable GraphQL introspection in production environments to prevent attackers from enumerating the API schema."
-        }, 
         {
           "id": "disclosure_of_known_public_information",
           "remediation_advice": "As a best practice, avoid disclosing known public information unnecessarily."
-        },       
+        },
         {
           "id": "disclosure_of_secrets",
           "remediation_advice": "1. Do not store secrets in source code that is publicly accessible such as in a public GitHub repository.\n2. Critically sensitive data should not be transmitted in cleartext. Make sure to only use `HTTPS` whenever transmitting passwords and private API keys.\n3. Set appropriate headers to prevent caching of sensitive data when served to end-user."
@@ -1227,6 +1223,10 @@
             "http://resources.infosecinstitute.com/metadata-and-information-security/"
           ]
         },
+        {
+          "id": "graphql_introspection_enabled",
+          "remediation_advice": "Disable GraphQL introspection in production environments to prevent attackers from enumerating the API schema."
+        },
         {
           "id": "json_hijacking",
           "remediation_advice": "Follow the JSON specification which requires an object as top level entity. If the top level object is an array, the response will be a valid Java Script code that might be parsed using a `<script>` tag.",
@@ -1324,17 +1324,17 @@
           ]
         },
         {
-          "id": "cache_poisoning",
-          "remediation_advice": "The most robust defense against cache poisoning is to disable caching. This is plainly unrealistic advice for some, but it's likely that some websites that start using a service like Cloudflare for DDoS protection or easy SSL end up vulnerable to cache poisoning simply because caching is enabled by default.\n\nRestricting caching to purely static responses is also effective, provided you're sufficiently wary about what you define as 'static'.\n\nLikewise, avoiding taking input from headers and cookies is an effective way to prevent cache poisoning, but it's hard to know if other layers and frameworks are sneaking in support for extra headers. You might want to audit every page of your application with Param Miner to flush out unkeyed inputs.\n\nOnce you've identified unkeyed inputs in your application, the ideal solution is to outright disable them. Failing that, you could strip the inputs at the cache layer, or add them to the cache key. Some caches let you use the Vary header to key unkeyed inputs, and others let you define custom cache keys but may restrict this feature to 'enterprise' customers.\n\nFinally, regardless of whether your application has a cache, some of your clients may have a cache at their end and as such client-side vulnerabilities like XSS in HTTP headers should never be ignored.",
+          "id": "cache_deception",
+          "remediation_advice": "The most effective way to prevent cache deception is to carefully control which responses are cached and to avoid caching responses that contain user-specific or sensitive data.\n\nEnsure that authentication-protected pages and any responses containing sensitive information explicitly disable caching via headers such as `Cache-Control: no-store, no-cache, must-revalidate` and `Pragma: no-cache`.\n\nBe particularly cautious with URL structures. Cache deception attacks often rely on tricking the cache into treating dynamic responses as static. A simple mitigation is to ensure that URLs ending in extensions like `.css`, `.js`, `.png`, etc., only serve static content and do not process dynamic requests.\n\nFor additional protection, configure your cache layer to only cache responses from a predefined allowlist of safe URL patterns. This prevents attackers from injecting deceptive paths that lead to cached sensitive data.\n\nAuditing your cache behavior using tools like Param Miner or manual testing can help identify and eliminate unintended caching of sensitive responses. Additionally, security headers such as `X-Content-Type-Options: nosniff` can help prevent certain forms of cache-related attacks.\n\nFinally, if your application uses a CDN or a reverse proxy (e.g., Cloudflare, Akamai, Varnish), ensure that caching rules are correctly configured to prevent caching of personalized or user-specific content.",
           "references": [
-            "https://portswigger.net/blog/practical-web-cache-poisoning"
+            "https://portswigger.net/web-security/web-cache-deception"
           ]
         },
         {
-          "id": "cache_deception",
-          "remediation_advice": "The most effective way to prevent cache deception is to carefully control which responses are cached and to avoid caching responses that contain user-specific or sensitive data.\n\nEnsure that authentication-protected pages and any responses containing sensitive information explicitly disable caching via headers such as `Cache-Control: no-store, no-cache, must-revalidate` and `Pragma: no-cache`.\n\nBe particularly cautious with URL structures. Cache deception attacks often rely on tricking the cache into treating dynamic responses as static. A simple mitigation is to ensure that URLs ending in extensions like `.css`, `.js`, `.png`, etc., only serve static content and do not process dynamic requests.\n\nFor additional protection, configure your cache layer to only cache responses from a predefined allowlist of safe URL patterns. This prevents attackers from injecting deceptive paths that lead to cached sensitive data.\n\nAuditing your cache behavior using tools like Param Miner or manual testing can help identify and eliminate unintended caching of sensitive responses. Additionally, security headers such as `X-Content-Type-Options: nosniff` can help prevent certain forms of cache-related attacks.\n\nFinally, if your application uses a CDN or a reverse proxy (e.g., Cloudflare, Akamai, Varnish), ensure that caching rules are correctly configured to prevent caching of personalized or user-specific content.",
+          "id": "cache_poisoning",
+          "remediation_advice": "The most robust defense against cache poisoning is to disable caching. This is plainly unrealistic advice for some, but it's likely that some websites that start using a service like Cloudflare for DDoS protection or easy SSL end up vulnerable to cache poisoning simply because caching is enabled by default.\n\nRestricting caching to purely static responses is also effective, provided you're sufficiently wary about what you define as 'static'.\n\nLikewise, avoiding taking input from headers and cookies is an effective way to prevent cache poisoning, but it's hard to know if other layers and frameworks are sneaking in support for extra headers. You might want to audit every page of your application with Param Miner to flush out unkeyed inputs.\n\nOnce you've identified unkeyed inputs in your application, the ideal solution is to outright disable them. Failing that, you could strip the inputs at the cache layer, or add them to the cache key. Some caches let you use the Vary header to key unkeyed inputs, and others let you define custom cache keys but may restrict this feature to 'enterprise' customers.\n\nFinally, regardless of whether your application has a cache, some of your clients may have a cache at their end and as such client-side vulnerabilities like XSS in HTTP headers should never be ignored.",
           "references": [
-            "https://portswigger.net/web-security/web-cache-deception"
+            "https://portswigger.net/blog/practical-web-cache-poisoning"
           ]
         },
         {