diff --git a/src/main/java/com/comcast/pantry/Jar.java b/src/main/java/com/comcast/pantry/Jar.java
index 228722a..733aee1 100644
--- a/src/main/java/com/comcast/pantry/Jar.java
+++ b/src/main/java/com/comcast/pantry/Jar.java
@@ -106,6 +106,9 @@ public void expand(File target) throws IOException {
 JarEntry entry = (JarEntry) entries.nextElement();
 if (false == entry.isDirectory()) {
 File outputFile = new File(target, entry.getName());
+ if (!outputFile.toPath().normalize().startsWith(target.toPath())) {
+ throw new RuntimeException("Bad zip entry");
+ }
 /* Ensure that our directory exists because this Jar might not
 * have included the directory setup*/
diff --git a/src/main/java/com/comcast/pantry/Zip.java b/src/main/java/com/comcast/pantry/Zip.java
index def498b..514e068 100644
--- a/src/main/java/com/comcast/pantry/Zip.java
+++ b/src/main/java/com/comcast/pantry/Zip.java
@@ -112,6 +112,9 @@ public void expand(File target) throws IOException {
 ZipArchiveEntry entry = (ZipArchiveEntry) entries.nextElement();
 if (false == entry.isDirectory()) {
 File outputFile = new File(target, entry.getName());
+ if (!outputFile.toPath().normalize().startsWith(target.toPath())) {
+ throw new RuntimeException("Bad zip entry");
+ }
 /* Ensure that our directory exists because this Zip might not
 * have included the directory setup*/
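Review bot: The containment check compares a normalized output path against an un-normalized `target.toPath()`, so the two sides are not on equal footing: a caller passing a target such as `build/../out` (or any path with `.` / `..` segments) makes every entry fail the `startsWith` test, while a relative target and an absolute one are compared with different name-element counts. Both hunks (Jar.java and Zip.java) have the same shape; normalize and absolutize the base once before the loop, e.g. `Path base = target.toPath().toAbsolutePath().normalize();`, and compare with `if (!outputFile.toPath().toAbsolutePath().normalize().startsWith(base)) { throw new IOException("Archive entry outside target directory: " + entry.getName()); }`. Since `expand` already declares `throws IOException`, an `IOException` carrying the entry name is a better fit than a bare `RuntimeException("Bad zip entry")`, which callers cannot distinguish from other failures and which gives no hint which entry was rejected. The check only runs in the `!isDirectory()` branch, and this hunk does not show how directory entries are handled, so it is worth confirming they cannot create paths outside the target either. The enclosing `expand` method starts before and continues after the hunk.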