Invalid pagination cursor causing ValueError in Django instead of InvalidPage response

[Lukas2203]

Hi everyone,

We've encountered a ValueError in our Django project that seems to have been triggered by an API request involving an invalid cursor. The cursor was missing a character and, based on my understanding, should have been flagged as invalid, returning an Invalid page response. However, instead of that, it caused a ValueError.

From what I can tell, this issue might be related to either Django REST framework or Django itself, given that the InvalidPage exception is part of Django (django.core.paginator).

Here’s the error we received: Field 'id' expected a number but got '123456\x03'
In this case, 123456 is a valid object ID, but the \x03 character (ASCII control character End of Text) was appended, which caused the error. In another test, I triggered the same error with the ID ending up as: '\x00\x00\x00\x00\x00\x00\x03', for this I used the this cursor: cD0AAAAAAAA%D. In both cases, I think the cursors should have been flagged as invalid?

The cursor in the original request was nearly correct but ended with %D instead of the expected %3D. We were also able to reproduce the error by removing the 3, confirming that this wasn’t an isolated incident.

It seems like this issue should result in an Invalid page response, not a ValueError.

Any help or guidance on whether this is an issue with Django REST framework or Django itself would be greatly appreciated. Thank you in advance!

We are using django-rest-framework version 3.15.2
Part of the stack trace in case that can help somehow (Hidden parts ar files not related to django or django rest framework)