zendframework/zendframework is vulnerable to improper handling of IP addresses. The vulnerability is due to the class not verifying if the IP address in $_SERVER['REMOTE_ADDR']
is in the trusted proxy server list before using the X-Forwarded-For header.