-
Type:
Bug
-
Resolution: Fixed
-
Priority:
Normal
-
Affects Version/s: None
-
Component/s: Data display
-
None
There's nothing stopping someone from passing an unrelated annotation ID to make it look like it is an annotation for any specific entity: https://musicbrainz.org/artist/6a0b0138-dc06-4d5c-87b3-fab64f0fd326/annotation/480647
This isn't a serious issue by any means, but it should be probably be rejected with a Bad Request error if the ID requested is not an annotation for the specific entity in question.