CVE Bug Invocation Path :
com.weweibuy.framework.common.core.support.JacksonBuilderHelper: objectMapperBuilder(java.lang.String,java.lang.String,java.lang.String)Lorg.springframework.http.converter.json.Jackson2ObjectMapperBuilder; /.m2/repository/org/springframework/boot/spring-boot-autoconfigure/2.7.1/spring-boot-autoconfigure-2.7.1.jar
org.yaml.snakeyaml.Yaml$2: next()Ljava.lang.Object; /.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.13.3/jackson-annotations-2.13.3.jar
org.yaml.snakeyaml.Yaml$2: next()Lorg.yaml.snakeyaml.nodes.Node; /.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.13.3/jackson-annotations-2.13.3.jar
org.yaml.snakeyaml.composer.Composer: getNode()Lorg.yaml.snakeyaml.nodes.Node; /.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.13.3/jackson-annotations-2.13.3.jar
org.yaml.snakeyaml.composer.Composer: composeNode(org.yaml.snakeyaml.nodes.Node)Lorg.yaml.snakeyaml.nodes.Node;
[INFO] Building common-core 1.4-SNAPSHOT [3/30]
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ common-core ---
[INFO] com.weweibuy.framework:common-core:jar:1.4-SNAPSHOT
[INFO] +- org.slf4j:slf4j-api:jar:1.7.36:compile
[INFO] +- org.apache.commons:commons-collections4:jar:4.1:compile
[INFO] +- org.apache.commons:commons-lang3:jar:3.9:compile
[INFO] +- org.springframework.boot:spring-boot-starter-json:jar:2.7.1:compile
[INFO] | +- org.springframework.boot:spring-boot-starter:jar:2.7.1:compile
[INFO] | | +- org.springframework.boot:spring-boot:jar:2.7.1:compile
[INFO] | | +- org.springframework.boot:spring-boot-autoconfigure:jar:2.7.1:compile
[INFO] | | +- org.springframework.boot:spring-boot-starter-logging:jar:2.7.1:compile
[INFO] | | | +- ch.qos.logback:logback-classic:jar:1.2.11:compile
[INFO] | | | | \- ch.qos.logback:logback-core:jar:1.2.11:compile
[INFO] | | | +- org.apache.logging.log4j:log4j-to-slf4j:jar:2.17.2:compile
[INFO] | | | | \- org.apache.logging.log4j:log4j-api:jar:2.17.2:compile
[INFO] | | | \- org.slf4j:jul-to-slf4j:jar:1.7.36:compile
[INFO] | | +- jakarta.annotation:jakarta.annotation-api:jar:1.3.5:compile
[INFO] | | \- org.yaml:snakeyaml:jar:1.30:compile
[INFO] | +- org.springframework:spring-web:jar:5.3.21:compile
[INFO] | | \- org.springframework:spring-beans:jar:5.3.21:compile
[INFO] | +- com.fasterxml.jackson.core:jackson-databind:jar:2.13.3:compile
[INFO] | | +- com.fasterxml.jackson.core:jackson-annotations:jar:2.13.3:compile
[INFO] | | \- com.fasterxml.jackson.core:jackson-core:jar:2.13.3:compile
[INFO] | +- com.fasterxml.jackson.datatype:jackson-datatype-jdk8:jar:2.13.3:compile
[INFO] | +- com.fasterxml.jackson.datatype:jackson-datatype-jsr310:jar:2.13.3:compile
[INFO] | \- com.fasterxml.jackson.module:jackson-module-parameter-names:jar:2.13.3:compile
[INFO] +- org.springframework.boot:spring-boot-starter-validation:jar:2.7.1:compile
[INFO] | +- org.apache.tomcat.embed:tomcat-embed-el:jar:9.0.64:compile
[INFO] | \- org.hibernate.validator:hibernate-validator:jar:6.2.3.Final:compile
[INFO] | +- jakarta.validation:jakarta.validation-api:jar:2.0.2:compile
[INFO] | +- org.jboss.logging:jboss-logging:jar:3.4.3.Final:compile
[INFO] | \- com.fasterxml:classmate:jar:1.5.1:compile
[INFO] +- org.springframework.boot:spring-boot-starter-web:jar:2.7.1:compile
[INFO] | +- org.springframework.boot:spring-boot-starter-tomcat:jar:2.7.1:compile
[INFO] | | +- org.apache.tomcat.embed:tomcat-embed-core:jar:9.0.64:compile
[INFO] | | \- org.apache.tomcat.embed:tomcat-embed-websocket:jar:9.0.64:compile
[INFO] | \- org.springframework:spring-webmvc:jar:5.3.21:compile
[INFO] | +- org.springframework:spring-aop:jar:5.3.21:compile
[INFO] | +- org.springframework:spring-context:jar:5.3.21:compile
[INFO] | \- org.springframework:spring-expression:jar:5.3.21:compile
[INFO] +- io.github.openfeign:feign-core:jar:11.8:compile
[INFO] +- org.projectlombok:lombok:jar:1.18.20:provided
[INFO] +- org.springframework.boot:spring-boot-starter-test:jar:2.7.1:test
[INFO] | +- org.springframework.boot:spring-boot-test:jar:2.7.1:test
[INFO] | +- org.springframework.boot:spring-boot-test-autoconfigure:jar:2.7.1:test
[INFO] | +- com.jayway.jsonpath:json-path:jar:2.7.0:test
[INFO] | | \- net.minidev:json-smart:jar:2.4.8:test
[INFO] | | \- net.minidev:accessors-smart:jar:2.4.8:test
[INFO] | | \- org.ow2.asm:asm:jar:9.1:test
[INFO] | +- jakarta.xml.bind:jakarta.xml.bind-api:jar:2.3.3:test
[INFO] | | \- jakarta.activation:jakarta.activation-api:jar:1.2.2:test
[INFO] | +- org.assertj:assertj-core:jar:3.22.0:test
[INFO] | +- org.hamcrest:hamcrest:jar:2.2:test
[INFO] | +- org.mockito:mockito-core:jar:4.5.1:test
[INFO] | | +- net.bytebuddy:byte-buddy:jar:1.12.11:test
[INFO] | | +- net.bytebuddy:byte-buddy-agent:jar:1.12.11:test
[INFO] | | \- org.objenesis:objenesis:jar:3.2:test
[INFO] | +- org.skyscreamer:jsonassert:jar:1.5.0:test
[INFO] | | \- com.vaadin.external.google:android-json:jar:0.0.20131108.vaadin1:test
[INFO] | +- org.springframework:spring-core:jar:5.3.21:compile
[INFO] | | \- org.springframework:spring-jcl:jar:5.3.21:compile
[INFO] | +- org.springframework:spring-test:jar:5.3.21:test
[INFO] | \- org.xmlunit:xmlunit-core:jar:2.9.0:test
[INFO] \- junit:junit:jar:4.13.2:test
[INFO] \- org.hamcrest:hamcrest-core:jar:2.2:test
Thank you very much.