diff --git a/pom.xml b/pom.xml
index 53337bf5aa..717cbe0d05 100644
--- a/pom.xml
+++ b/pom.xml
@@ -93,7 +93,7 @@
1.26.1
1.4.2
1.0.1
- 9.0.3
+ 9.0.4
1.6.15
2.17.1
2.17.1
diff --git a/src/test/java/org/dependencytrack/parser/cyclonedx/CycloneDxValidatorTest.java b/src/test/java/org/dependencytrack/parser/cyclonedx/CycloneDxValidatorTest.java
index 6312107a82..fc783623d0 100644
--- a/src/test/java/org/dependencytrack/parser/cyclonedx/CycloneDxValidatorTest.java
+++ b/src/test/java/org/dependencytrack/parser/cyclonedx/CycloneDxValidatorTest.java
@@ -218,4 +218,27 @@ public void testValidateWithValidBom(final Path bomFilePath) throws Exception {
assertThatNoException().isThrownBy(() -> validator.validate(bomBytes));
}
+ @Test // https://github.com/DependencyTrack/dependency-track/issues/3831
+ public void testValidateJsonWithUrlContainingEncodedBrackets() {
+ assertThatNoException()
+ .isThrownBy(() -> validator.validate("""
+ {
+ "bomFormat": "CycloneDX",
+ "specVersion": "1.5",
+ "components": [
+ {
+ "type": "library",
+ "name": "acme-library",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://example.com/foo?bar=%5Bbaz%5D"
+ }
+ ]
+ }
+ ]
+ }
+ """.getBytes()));
+ }
+
}
\ No newline at end of file
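Review bot: The `.getBytes()` call that closes the text block in `testValidateJsonWithUrlContainingEncodedBrackets` encodes with the platform default charset on JDKs before 18, so the bytes handed to the validator depend on the build machine. The payload is pure ASCII, so the result is the same today, but an explicit `""".getBytes(StandardCharsets.UTF_8)));` keeps the test deterministic if non-ASCII content is ever added (this needs the `java.nio.charset.StandardCharsets` import if the file does not already have it). The test also pins only the accept path for `%5B`/`%5D` in a JSON BOM. If this class does not already cover it elsewhere, which is not visible from the hunk, a companion assertion that a BOM which is still schema-invalid keeps being rejected would show that the dependency bump in pom.xml did not loosen validation more broadly.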