There are instruction to run this app using docker. But I want to run this application as jar file and I tried ./gradlew build which results in two jar files. Again, throws multiple error. Maybe some where I am going wrong. Please help.

Unfortunately not, due to the issue mentioned in #36.

That said, you should be able to build a JAR locally, just use the same command as in the Dockerfile: gradle bootJar

If that doesn't work, can you provide the output? Thanks!

Hi @christophetd, thanks for your response
I tried running the command: gradle bootJar
but, when I run the curl command to get the reverse shell, I didn't get any response
After running jar file:
-> Received a request for API version Reference Class Name: foo

After running docker image:
-> : Received a request for API version ${jndi:ldap:/

Yep that's the issue, see #36. Basically if you build from source, it's vulnerable anymore because of a transitive dependency somewhere that got patched or mitigated, so the only workaround currently is to run the Docker image (which was built with the vulnerable component versions).

If you figure out what we need to update, I'd love a PR - thanks!

If you really need the JAR:

docker run -d --name vulnerable-app ghcr.io/christophetd/log4shell-vulnerable-app@sha256:6f88430688108e512f7405ac3c73d47f5c370780b94182854ea2cddc6bd59929
docker cp vulnerable-app:/app/spring-boot-application.jar /tmp/spring4shell.jar
docker rm -f vulnerable-app