Double-Encoding URI Breaks Some External Reference Links #800

Open
@msymons

Current Behavior

Import BOM that contains this in externalReferences:

        {
          "type" : "static-analysis-report",
          "url" : "https://foo.bar.com/dashboard?id=bar.foo.common%3Aservice-common",
          "comment" : "SonarQube"
        },
  • When I then export the BOM from DT the URL exactly matches what had been imported and is (thus) correct
  • When I navigate via the UI to the project and display the external references, the URL displays OK.
  • But when I click on the link, I get directed to: https://foo.bar.com/dashboard?id=bar.foo.common%253Aservice-common

i.e., the already-encoded %3A has been incorrectly double-encoded to become %253A

Steps to Reproduce

  1. I used cyclonedx-maven-plugin v2.8.0 to generate my BOM, generating a schema 1.5 BOM (the default for this version).
  2. The above example used static-analysis-report (introduced in 1.5) but I am sure that any valid external reference could be used to demonstrate the URL defect (the listing of types is documented here in the guide).
  3. Configuration of External References in cyclonedx-maven-plugin is documented here

Expected Behavior

URL value for externalReference should be correct when appearing in the frontend.

Dependency-Track Frontend Version

4.10.0

Browser

Mozilla Firefox

Browser Version

124.0.1

Operating System

Windows

Labels

  • defect: Something isn't working
  • good first issue: Good for newcomers
  • hacktoberfest: Issues eligible for Hacktoberfest contributions
  • p2: Non-critical bugs, and features that help organizations to identify and reduce risk
  • size/S: Small effort
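The reported `%3A` to `%253A` transformation can be reproduced with JavaScript's `encodeURI`, shown here next to an encode-once helper. This is an added example, not part of the original issue or Dependency-Track's code; the function names are hypothetical, and the issue does not state which frontend call causes the defect. It assumes the stored value is already a URL, as in the issue, where the export matches the import.

```javascript
// URL taken from the issue; already percent-encoded when imported.
const bomUrl =
  "https://foo.bar.com/dashboard?id=bar.foo.common%3Aservice-common";

// Naive link building: encodeURI() treats "%" as a literal character,
// so an existing escape such as %3A is escaped again and becomes %253A.
function naiveHref(url) {
  return encodeURI(url);
}

// Encode-once: leave valid %XX escapes untouched and encode only the
// text between them (spaces, stray "%", non-ASCII characters).
function encodeOnce(url) {
  return url
    .split(/(%[0-9A-Fa-f]{2})/) // capture group keeps the escapes at odd indexes
    .map((part, i) => (i % 2 === 1 ? part : encodeURI(part)))
    .join("");
}

// Hypothetical helper for rendering a BOM-supplied external reference:
// encode at most once, require a parseable URL, and allow only http(s),
// because the value comes from imported data and ends up in an href.
function safeHref(raw) {
  let parsed;
  try {
    parsed = new URL(encodeOnce(raw));
  } catch {
    return null; // not an absolute URL, or malformed input: render as text
  }
  return ["http:", "https:"].includes(parsed.protocol) ? parsed.href : null;
}

console.log(naiveHref(bomUrl)); // the broken link from the issue
console.log(safeHref(bomUrl)); // unchanged, single-encoded URL
```

A value for which `naiveHref` and `encodeOnce` disagree already contained percent-escapes, which makes the comparison usable as a regression test for link rendering.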