I have a Spring Boot project with Maven. The pom.xml for a certain service looks like this:
[...]
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-maven-plugin</artifactId>
    </dependency>
    <dependency>
      <groupId>org.codehaus.mojo</groupId>
      <artifactId>exec-maven-plugin</artifactId>
    </dependency>
  [...]
  <build>
    <plugins>
      <plugin>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-maven-plugin</artifactId>
        <version>${version.spring-boot-maven-plugin}</version>
        <executions>
          <execution>
            <goals>
              <goal>repackage</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
      [...]
      <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>exec-maven-plugin</artifactId>
        <version>${version.org.codehaus.mojo}</version>
        <executions>
          <execution>
            <id>Run-SQL-create</id>
            <phase>process-classes</phase>
            <goals>
              <goal>java</goal>
            </goals>
          </execution>
        </executions>
        <configuration>
          <mainClass>[...].CreateSQLSeedingFile</mainClass>
          <arguments></arguments>
        </configuration>
      </plugin>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-compiler-plugin</artifactId>
        <version>${version.maven-compiler-plugin}</version>
        <configuration>
          <source>11</source>
          <target>11</target>
          <annotationProcessorPaths>
            <path>
              <groupId>org.projectlombok</groupId>
              <artifactId>lombok-mapstruct-binding</artifactId>
              <version>${version.lombok-mapstruct-binding}</version>
            </path>
            <path>
              <groupId>org.mapstruct</groupId>
              <artifactId>mapstruct-processor</artifactId>
              <version>${version.mapstruct-processor}</version>
            </path>
            <path>
              <groupId>org.projectlombok</groupId>
              <artifactId>lombok</artifactId>
              <version>${version.org.projectlombok}</version>
            </path>
          </annotationProcessorPaths>
        </configuration>
      </plugin>
    </plugins>
  </build>
  [...]
</project>
I ran [dependency-check-maven] to scan for vulnerabilities.
It found CVE-2021-26291.
Using mvn dependency:tree, I found that it is inside the exec-maven-plugin.
In the details it mentions:
"If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior."
However, we do not have a repository manager (it's just a small project).
And I cannot upgrade the version, since the dependency exec-maven-plugin is already at the latest version, 3.0.0.
Now when I remove the dependency completely (not even sure what I'd have to solve then!) it finds the same vulnerability in maven-core-3.1.1 inside spring-boot-maven-plugin.
Here the same goes: it is already at the latest version, 2.6.2.
Is there a way to fix this vulnerability without using a repository manager?
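An added example, not part of the question above and not from any of the projects it names: a dependency-check suppression file that records a reviewed decision about this finding, scoped to the one package and the one CVE rather than silencing the CVE everywhere. It assumes two things. First, that the build runs on Maven 3.8.1 or newer, the release that addressed CVE-2021-26291 by blocking plain-HTTP repositories by default; a Maven plugin executes inside the Maven process and uses that installation's maven-core, not the maven-core jar that dependency:tree shows under the plugin. Second, that the file is saved as dependency-check-suppressions.xml next to the pom.xml; the file name, the note text and the reviewer placeholders are all assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example (not from the question): suppression file for dependency-check-maven.
     Assumes the build is executed with Maven >= 3.8.1, so the runtime maven-core
     already contains the fix for CVE-2021-26291. -->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
  <suppress>
    <notes><![CDATA[
      CVE-2021-26291: Maven before 3.8.1 followed custom repositories declared in
      dependency POMs, including plain-HTTP ones.
      The flagged maven-core jar is a build-time transitive dependency of
      exec-maven-plugin / spring-boot-maven-plugin. Plugins run inside the Maven
      process and use the installed Maven's own maven-core, so this jar is never
      the one that resolves repositories and it is not packaged into the application.
      Mitigation in place: builds run with Maven >= 3.8.1 (pinned via the Maven Wrapper).
      Reviewed by: [reviewer placeholder]   Date: [date placeholder]
    ]]></notes>
    <!-- Match only maven-core, any version, so the same CVE in a runtime
         dependency would still be reported. -->
    <packageUrl regex="true">^pkg:maven/org\.apache\.maven/maven\-core@.*$</packageUrl>
    <cve>CVE-2021-26291</cve>
  </suppress>
</suppressions>
```

Reference the file from the dependency-check-maven plugin's configuration with a suppressionFiles element containing one suppressionFile element whose value is dependency-check-suppressions.xml. Keeping the packageUrl and cve filters narrow is the point of the design: the scanner keeps flagging CVE-2021-26291 if it ever shows up on a dependency that actually ships with the service, and the notes block documents why the plugin-side finding was accepted and which assumption (Maven version) the acceptance rests on. If that assumption should be enforced rather than assumed, the Maven Enforcer plugin's requireMavenVersion rule can fail the build on older Maven installations.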