You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Put an X between the brackets on this line if you have done all of the following:
Checked the FAQs on the message board for common solutions: (TBD)
Checked that your issue isn't already filed.
Description
If a JSON contains an URL with Chinese characters the validation fails.
Steps to Reproduce
Create a JSON file with an URL element
Put something like https://github.com/4nNns/cveAdd/blob/developer/sqli/万户EZOFFICE%20前台SQL注入漏洞.md in it
Try to upload the file
Expected behavior:
JSON file is accepted
Actual behavior:
JSON file is rejected
Reproduces how often:
100%
Versions
2.2.0
Additional Information
We had this problem with CVE-2024-1012 and encoded the URL to https://github.com/4nNns/cveAdd/blob/b73e94ff089ae2201d9836b4d61b8175ff21618a/sqli/%E4%B8%87%E6%88%B7EZOFFICE%20%E5%89%8D%E5%8F%B0SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md to circumvent the error as a workaround.
The text was updated successfully, but these errors were encountered:
I think the behavior is correct: The JSON schema specifies uriType as `"format": "uri" and "according to RFC 3986". IMHO, this requires Chinese Characters to be percent-encoded.
Prerequisites
Description
If a JSON contains an URL with Chinese characters the validation fails.
Steps to Reproduce
https://github.com/4nNns/cveAdd/blob/developer/sqli/万户EZOFFICE%20前台SQL注入漏洞.md
in itExpected behavior:
JSON file is accepted
Actual behavior:
JSON file is rejected
Reproduces how often:
100%
Versions
2.2.0
Additional Information
We had this problem with CVE-2024-1012 and encoded the URL to
https://github.com/4nNns/cveAdd/blob/b73e94ff089ae2201d9836b4d61b8175ff21618a/sqli/%E4%B8%87%E6%88%B7EZOFFICE%20%E5%89%8D%E5%8F%B0SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
to circumvent the error as a workaround.The text was updated successfully, but these errors were encountered: