BOM upload fails when externalReferences.url contains multiple URL entries

[saishivarcr]

Current Behavior

When I upload a BOM(json format) containing two URLs separated by a space, as shown below, I encounter an error stating, "The uploaded BOM is invalid."

"externalReferences": [
                {
                    "url": "http://web.mit.edu/kerberos/www/ http://h5l.org",
                    "type": "distribution"
                }
            ]

Error

[DependencyTrack] {"status":400,"title":"The uploaded BOM is invalid","detail":"Schema validation failed","errors":["$.components[567].externalReferences[0].url: does not match the iri-reference pattern must be a valid RFC 3987 IRI-reference","$.components[567].externalReferences[0].url: does not match the iri-reference pattern must be a valid RFC 3987 IRI-reference","$.components[567].externalReferences[0].url: does not match the regex pattern ^urn:cdx:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/[1-9][0-9]*$","$.components[567].externalReferences[0].url: does not match the iri-reference pattern must be a valid RFC 3987 IRI-reference","$.components[567].externalReferences[0].url: does not match the regex pattern ^urn:cdx:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/[1-9][0-9]*#.+$"]}

Interestingly, the same BOM in XML format works without issues.

Steps to Reproduce

1.Attached sample BOM(json format) for issue reproduction.
sbom-1.json

Expected Behavior

Expecting BOM(json) upload to be successful as in case of XML BOM format.

Dependency-Track Version

4.7.x

Dependency-Track Distribution

Container Image

Database Server

PostgreSQL

Database Server Version

No response

Browser

Google Chrome

Checklist

• I have read and understand the contributing guidelines
• I have checked the existing issues for whether this defect was already reported