diff --git a/modules/core/src/com/alee/utils/ZipUtils.java b/modules/core/src/com/alee/utils/ZipUtils.java
index f40f526e9..dc23b8ee2 100644
--- a/modules/core/src/com/alee/utils/ZipUtils.java
+++ b/modules/core/src/com/alee/utils/ZipUtils.java
@@ -23,6 +23,7 @@
 import java.io.File;
 import java.io.FileOutputStream;
+import java.io.IOException;
 import java.util.Enumeration;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipFile;
@@ -115,8 +116,12 @@ public static void unzip ( @NotNull final File archive, @NotNull final File dst,
 }
 else
 {
+ final File zipEntryFile = new File ( dst, entry.getName () );
+ if (!zipEntryFile.toPath ().normalize ().startsWith (dst.toPath ().normalize ())) {
+ throw new IOException ("Bad zip entry");
+ }
 // Ensures that destination file and its folders exist
- extractToFile = new File ( dst, entry.getName () );
+ extractToFile = zipEntryFile;
 final File parent = FileUtils.getParent ( extractToFile );
 if ( parent != null && parent.mkdirs () )
 {
@@ -171,4 +176,4 @@ public static String getFileLocation ( @NotNull final ZipEntry zipEntry )
 final String name = zipEntry.getName ();
 return name.substring ( 0, name.lastIndexOf ( "/" ) + 1 );
 }
-}
\ No newline at end of file
+}
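Review bot: The containment check added in the `else` branch compares paths that are only lexically normalized, so it is reliable only when `dst` is absolute: for a relative `dst` that begins with `..`, `normalize ()` keeps the leading `..` on both sides and an entry name that climbs further still passes `startsWith`. Make both sides absolute before comparing, `if ( !zipEntryFile.toPath ().toAbsolutePath ().normalize ().startsWith ( dst.toPath ().toAbsolutePath ().normalize () ) )`, or compare `getCanonicalFile ()` results if symlinks under `dst` should be resolved as well. The branch before this `else` starts outside the hunk; if it also builds a path from `entry.getName ()`, presumably for directory entries, it needs the same guard. Including the entry name in the message (`"Bad zip entry: " + entry.getName ()`) would make a rejected archive easier to trace in logs, and the new `if` should follow the file's spacing and brace-on-own-line style.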