Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

URL encoding issue for Vulnerability IDs #1097

Closed
2 tasks done
KS-DR opened this issue Nov 19, 2024 · 0 comments · Fixed by #1098
Closed
2 tasks done

URL encoding issue for Vulnerability IDs #1097

KS-DR opened this issue Nov 19, 2024 · 0 comments · Fixed by #1098
Labels
defect Something isn't working p2 Non-critical bugs, and features that help organizations to identify and reduce risk size/S Small effort
Milestone
4.12.2

Comments

@KS-DR
Copy link

KS-DR commented Nov 19, 2024

Current Behavior

If one creates a vulnerability and uses special characters like "/" or "?" in the Vulnerability ID (e.g. TEST/ID), the vulnerability can't be reached afterwards, because the special characters are not properly encoded in the URL.

Steps to Reproduce

  1. Go to {Your-DT-URL}/vulnerabilities
  2. Click on "+ Create Vulnerability"
  3. As Vulnerability ID insert "TEST/0815-Vuln"
  4. Fill out the remaining form and click "Create"
  5. Get 404-Error

Expected Behavior

Vulnerability IDs should be encoded correctly, so that vulnerabilities can be reached after creation, even if special characters like / exist in the ID.

Dependency-Track Version

4.12.1

Dependency-Track Distribution

Container Image

Database Server

PostgreSQL

Database Server Version

14.7

Browser

Microsoft Edge

Checklist
@KS-DR KS-DR added defect Something isn't working in triage labels Nov 19, 2024
@nscuro nscuro added p2 Non-critical bugs, and features that help organizations to identify and reduce risk size/S Small effort and removed in triage labels Nov 19, 2024
@nscuro nscuro added this to the 4.12.2 milestone Nov 29, 2024
@nscuro nscuro transferred this issue from DependencyTrack/dependency-track Nov 29, 2024
@nscuro nscuro mentioned this issue Nov 29, 2024
Merged
1 task
@nscuro nscuro closed this as completed in ee0444b Nov 29, 2024
nscuro added a commit to nscuro/dependency-track-frontend that referenced this issue Nov 29, 2024
@nscuro
Fix missing URI encoding for vulnerability IDs
0692846 
Fixes DependencyTrack#1097

Signed-off-by: nscuro <[email protected]>
@nscuro nscuro mentioned this issue Nov 29, 2024
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
defect Something isn't working p2 Non-critical bugs, and features that help organizations to identify and reduce risk size/S Small effort
Projects
None yet
Milestone
4.12.2
Development

Successfully merging a pull request may close this issue.

Fix missing URI encoding for vulnerability IDs nscuro/dependency-track-frontend
2 participants
@nscuro @KS-DR