diff --git a/src/main/java/org/apache/maven/buildcache/CacheUtils.java b/src/main/java/org/apache/maven/buildcache/CacheUtils.java
index d02d08e0..099636df 100644
--- a/src/main/java/org/apache/maven/buildcache/CacheUtils.java
+++ b/src/main/java/org/apache/maven/buildcache/CacheUtils.java
@@ -210,6 +210,9 @@ public static void unzip( Path zip, Path out ) throws IOException
 while ( entry != null )
 {
 Path file = out.resolve( entry.getName() );
+ if (!file.normalize().startsWith(out.normalize())) {
+ throw new RuntimeException("Bad zip entry");
+ }
 if ( entry.isDirectory() )
 {
 Files.createDirectory( file );
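Review bot: The new traversal guard throws an unchecked `RuntimeException` with no entry name, although `unzip` already declares `throws IOException`, so callers that handle `IOException` for a bad cache archive will not catch this rejection and nothing records which entry was refused. Consider `throw new IOException( "Zip entry escapes target directory: " + entry.getName() );` instead. `out.normalize()` is recomputed for every entry and could be hoisted above the loop, and the added lines do not follow the brace and spacing style of the surrounding code. `normalize()` is purely lexical, so the check does not cover a symlink that already exists under `out`; whether that matters depends on who controls the output directory. The body of `unzip` starts and ends outside this hunk.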