This affects all versions of package fast-http. There is no path sanitization in the path provided at fs.readFile in index.js.