^pkg:maven/org\.springframework/spring-web@.*$ CVE-2016-1000027 ^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$ CVE-2022-42003