I've created a java agent which prevents the exploit from working on this example via a java agent. Posting here in case anyone finds it useful: https://github.com/fjmacagno/log4j-safety-agent.