Steps to reproduce the vulnerability:
# you need to have bazel installed
# Step 1: please clone tensorflow from github to your directory
# step 2: cd to your directory and run git checkout v2.7.0
# step 3: run configure.py and set configurations to default modes
# step 4: run the following commands in non virual environments
pip3 install --user -U pip six 'numpy<1.19.0' wheel setuptools mock 'future>=0.17.1'
pip3 install --user -U keras_applications --no-deps
pip3 install --user -U keras_preprocessing --no-deps
# Remove lines 81-84 from broadcast_to_ops.cc.
# run the following command in the current tensorflow directory you have cloned.
bazel build --config=opt -c opt //tensorflow/tools/pip_package:build_pip_package --jobs=4
# built a pip version of tensorflow
# cd to /path/to/your/desired/directory and run the following commands
pip uninstall --yes tensorflow
pip install tensorflow-2.7.0-cp38-cp38-linux_x86_64.whl