diff --git a/ngrinder-core/src/main/java/org/ngrinder/common/util/CompressionUtils.java b/ngrinder-core/src/main/java/org/ngrinder/common/util/CompressionUtils.java
index 4bad6814a1..9d13526fe9 100644
--- a/ngrinder-core/src/main/java/org/ngrinder/common/util/CompressionUtils.java
+++ b/ngrinder-core/src/main/java/org/ngrinder/common/util/CompressionUtils.java
@@ -119,6 +119,10 @@ public static void unzip(InputStream is, File destDir, String charsetName) {
 String fileName = ze.getName();
 File newFile = new File(destDir.getAbsolutePath(), fileName);
+
+ if (!newFile.toPath().normalize().startsWith(destDir.getAbsolutePath())) {
+ throw new RuntimeException("Bad zip entry");
+ }
 if (newFile.getPath().contains("..")) {
 throw new IllegalArgumentException("zip entry should not contain .. in the path.");
 }
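Review bot: The new containment check compares a normalized entry path against the unnormalized `destDir.getAbsolutePath()`, so a destination whose own absolute path contains `.` or `..` segments would never match and every entry would be rejected, while `normalize()` also does not follow symbolic links already present under the destination. Normalizing both sides keeps the component-wise `Path.startsWith` semantics and makes the base comparable: `Path base = destDir.toPath().toAbsolutePath().normalize();` followed by `if (!newFile.toPath().normalize().startsWith(base)) {`. The thrown type should also match the adjacent check and carry the rejected entry name for diagnostics, `throw new IllegalArgumentException("zip entry resolves outside the destination directory: " + fileName);`, rather than a bare `RuntimeException("Bad zip entry")`. The older `contains("..")` check is now mostly redundant yet still rejects legitimate names such as `a..b`, which is worth a comment or a follow-up; the enclosing unzip method starts and ends outside the hunk.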