Around the current log4shell situation i need a way to find out if i have vulnerable classes in my packaged products. What is the easiest way to find if the following classes are contained in jar files packaged in EAR or WAR files?
- JndiLookup.class
- JMSAppenderBase.class
- JMSAppender.class
One solution would be the following bat script: