diff --git a/src/main/java/com/example/utils/StreamUnzipper.java b/src/main/java/com/example/utils/StreamUnzipper.java
index 63da5ec..fdfbe05 100644
--- a/src/main/java/com/example/utils/StreamUnzipper.java
+++ b/src/main/java/com/example/utils/StreamUnzipper.java
@@ -23,6 +23,9 @@ public static boolean unzip(InputStream inputStream, File outputFolder)
 while ((entry = zis.getNextEntry()) != null) {
 isEmpty = false;
 File newFile = new File(outputFolder, entry.getName());
+if (!newFile.toPath().normalize().startsWith(outputFolder.toPath().normalize())) {
+throw new IOException("Bad zip entry");
+}
 if (newFile.getParentFile().mkdirs() && !entry.isDirectory()) {
 FileOutputStream fos = new FileOutputStream(newFile);
 IOUtils.copy(zis, fos);
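Review bot: The new containment check compares two relative paths when outputFolder is relative, and for a folder such as `new File(".")` the base normalizes to the empty path, so `Path.startsWith` appears to reject every entry (the empty path is a single empty name element that never equals the entry's first element); comparing absolute paths on both sides avoids that, e.g. `if (!newFile.toPath().toAbsolutePath().normalize().startsWith(outputFolder.toPath().toAbsolutePath().normalize())) {`. The message `"Bad zip entry"` gives an operator nothing to act on; `throw new IOException("Zip entry resolves outside output folder: " + entry.getName());` identifies the offending archive entry. A one-line comment such as `// Reject entries whose name escapes outputFolder via ".." (zip slip)` would record why the check exists. Note that entries extracted before the rejected one remain on disk, since the exception leaves the loop without cleanup; callers may need to know the output folder is then partially populated. The enclosing unzip method starts and ends outside this hunk.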