I think disabling JNDI is probably the right thing to do, but I see nothing here I would consider an exploit?  Just “if you configure logback to use JNDI it would use it”.