Highzepatrik

**Name of the Vulnerable Software and Affected Versions** Ory Hydra (affected versions not specified) **Description** The Admin APIs – `listOAuth2Clients`, `listOAuth2ConsentSessions`, and `listTrustedOAuth2JwtGrantIssuers` – in Ory Hydra are susceptible to SQL injection due to flaws in the pagination implementation. Pagination tokens are encrypted using the secret configured in `secrets.pagination`. If this value is not set, Hydra defaults to using `secrets.system`. An attacker with knowledge of either `secrets.pagination` or `secrets.system` can create malicious tokens that lead to SQL injection. An attacker can execute arbitrary SQL queries through these forged pagination tokens by passing a raw pagination token to the affected **API endpoints**. **Recommendations** Configure a custom value for `secrets.pagination` by generating a cryptographically secure random secret, for example, using `openssl rand -base64 32`. Upgrade Hydra to the fixed version as soon as possible.