Hono · Hono · CVE-2024-43787
**Name of the Vulnerable Software and Affected Versions**
Hono versions prior to 4.5.8
**Description**
The Hono CSRF middleware can be bypassed using a crafted Content-Type header. The middleware only enforces its Origin check on non-safe requests whose Content-Type is one a browser can send cross-site without a CORS preflight (`application/x-www-form-urlencoded`, `multipart/form-data`, `text/plain`); any other Content-Type is assumed to have required a preflight and is let through. MIME types are case insensitive, and a browser lower-cases the MIME type when deciding whether the header is CORS-safelisted, but the `isRequestedByFormElementRe` regular expression only matches lower-case MIME types. As a result, an attacker can bypass the CSRF middleware with an upper-case form-like MIME type such as "Application/x-www-form-urlencoded": the browser still sends the cross-site request without a preflight, while the middleware treats it as a non-form request and skips the Origin check.
**Recommendations**
For versions prior to 4.5.8, update to version 4.5.8 or later, which makes the Content-Type match case-insensitive. If you cannot upgrade immediately, the workaround is to perform the check case-insensitively yourself: add your own middleware in front of the built-in one that rejects any non-GET/HEAD request whose Origin header is missing or not in your allow list, regardless of Content-Type. Note that the attacker supplies the Content-Type header, so advising clients to avoid upper-case MIME types provides no protection; only the server-side check matters. Until the fix is deployed, treat any state-changing endpoint that relies solely on this middleware as exposed to cross-site request forgery.
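The following is an added example, not Hono's source code, that models the decision described above and the case-insensitive workaround. It reproduces the shape of the `isRequestedByFormElementRe` check named in the description (the exact pre-4.5.8 pattern and the `i`-flag fix are assumptions about the patch, not quoted from the project), pairs it with a simplified model of the Fetch specification's CORS-safelisted Content-Type rule, and runs constructed sample requests through both to show which combinations are a working bypass. Origins and requests are placeholders.

```typescript
// Added example (not Hono's code): model of the CSRF middleware decision and of the
// browser's preflight rule, used to show why an upper-case Content-Type is a bypass.

// Header names are stored lower-cased, as Hono's c.req.header() lookup is case-insensitive.
type Req = { method: string; headers: Record<string, string | undefined> };

const isSafeMethodRe = /^(GET|HEAD)$/;

// Assumed pre-4.5.8 shape: only lower-case form MIME types match.
const formElementReVulnerable =
  /^\b(application\/x-www-form-urlencoded|multipart\/form-data|text\/plain)\b/;

// Hardened shape (assumed 4.5.8 fix): same pattern, case-insensitive.
const formElementReFixed =
  /^\b(application\/x-www-form-urlencoded|multipart\/form-data|text\/plain)\b/i;

// Mirrors the middleware rule: non-safe method + form-like body + disallowed Origin => 403.
function csrfDecision(req: Req, formRe: RegExp, allowedOrigin: string): 'allow' | 'forbid' {
  const contentType = req.headers['content-type'] ?? 'text/plain'; // missing header defaults to text/plain
  const origin = req.headers['origin'];
  const originAllowed = origin !== undefined && origin === allowedOrigin;
  if (!isSafeMethodRe.test(req.method) && formRe.test(contentType) && !originAllowed) {
    return 'forbid';
  }
  return 'allow';
}

// Simplified model of the Fetch spec's CORS-safelisted Content-Type check: the browser
// lower-cases the MIME essence before comparing, so "Application/..." is sent WITHOUT a preflight.
function sendsWithoutPreflight(contentType: string | undefined): boolean {
  if (contentType === undefined) return true; // no Content-Type at all: nothing to safelist
  if (contentType.length > 128) return false; // spec limits safelisted value length
  const essence = (contentType.split(';')[0] ?? '').trim().toLowerCase();
  return ['application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain'].includes(essence);
}

// A cross-site request is a working CSRF only if the browser sends it without a preflight
// AND the middleware lets it through despite a foreign Origin.
function isCsrfBypass(req: Req, formRe: RegExp, allowedOrigin: string): boolean {
  return (
    sendsWithoutPreflight(req.headers['content-type']) &&
    csrfDecision(req, formRe, allowedOrigin) === 'allow' &&
    req.headers['origin'] !== allowedOrigin
  );
}

// Constructed sample requests (not captured traffic); origins are placeholders.
const SITE = 'https://app.example';
const ATTACKER = 'https://attacker.example';
const forgedLower: Req = {
  method: 'POST',
  headers: { 'content-type': 'application/x-www-form-urlencoded', origin: ATTACKER },
};
const forgedUpper: Req = {
  method: 'POST',
  headers: { 'content-type': 'Application/x-www-form-urlencoded', origin: ATTACKER },
};
const forgedJson: Req = {
  method: 'POST',
  headers: { 'content-type': 'application/json', origin: ATTACKER },
};
const sameSiteForm: Req = {
  method: 'POST',
  headers: { 'content-type': 'application/x-www-form-urlencoded', origin: SITE },
};

// Summary table of outcomes for the reader: only the upper-case header against the
// vulnerable regex is a real bypass.
function summary(): Record<string, boolean> {
  return {
    'lower-case form, vulnerable regex': isCsrfBypass(forgedLower, formElementReVulnerable, SITE),
    'upper-case form, vulnerable regex': isCsrfBypass(forgedUpper, formElementReVulnerable, SITE),
    'upper-case form, fixed regex': isCsrfBypass(forgedUpper, formElementReFixed, SITE),
    'json body, vulnerable regex': isCsrfBypass(forgedJson, formElementReVulnerable, SITE),
  };
}

console.log(summary());
```

The JSON case is included to show the assumption the middleware relies on: a non-form Content-Type is safe to skip only because the browser would have preflighted it, which is exactly what an upper-case form type defeats.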