diff --git a/src/main/java/com/qbb/util/FileUnZipUtil.java b/src/main/java/com/qbb/util/FileUnZipUtil.java
index a0856af..b8e9d05 100644
--- a/src/main/java/com/qbb/util/FileUnZipUtil.java
+++ b/src/main/java/com/qbb/util/FileUnZipUtil.java
@@ -33,6 +33,9 @@ public static void uncompress(File jarFile, File tarDir) throws IOException {
 while (enumEntry.hasMoreElements()) {
 JarEntry jarEntry = (JarEntry)enumEntry.nextElement();
 File tarFile = new File(tarDir, jarEntry.getName());
+ if (!tarFile.toPath().normalize().startsWith(tarDir.toPath().normalize())) {
+ throw new IOException("Bad zip entry");
+ }
 if(jarEntry.getName().contains("META-INF")){
 File miFile = new File(tarDir, "META-INF");
 if(!miFile.exists()){
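Review bot: The added traversal guard compares two relative paths, and as far as I can tell a tarDir of "." (or any path that normalizes to the empty path) makes `tarDir.toPath().normalize()` empty, for which `Path.startsWith` is false against every non-empty relative entry, so extraction into the current directory would reject every entry rather than only the malicious ones; the element-wise `startsWith` is otherwise the right check against `../` entries. Making both sides absolute first removes that edge case and follows the usual `base.resolve(in).normalize().startsWith(base)` shape: hoist `Path base = tarDir.toPath().toAbsolutePath().normalize();` above the loop, then `Path target = base.resolve(jarEntry.getName()).normalize();` and `if (!target.startsWith(base)) throw new IOException("Bad zip entry: " + jarEntry.getName());` (this needs `java.nio.file.Path` imported, which the hunk does not show). Including the offending entry name in the exception message, as above, is also worth doing on its own so a rejected archive can be diagnosed from the log. The `uncompress` method starts before and continues past this hunk, so I cannot see whether `tarFile` is the only path later written to; the subsequent `META-INF` branch builds `miFile` from a fixed name, which looks safe, but any other `File` built from `jarEntry.getName()` further down would need the same check.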