diff --git a/build-service/src/main/java/com/ccoe/build/utils/CompressUtils.java b/build-service/src/main/java/com/ccoe/build/utils/CompressUtils.java
index d6742aa8..da6f017f 100644
--- a/build-service/src/main/java/com/ccoe/build/utils/CompressUtils.java
+++ b/build-service/src/main/java/com/ccoe/build/utils/CompressUtils.java
@@ -114,8 +114,10 @@ public static List unCompress(File zip, String unzipdir) throws IOExceptio
 System.out.println("Extracting: " + entry);
 int count;
 byte data[] = new byte[BUFFER];
- File unzipfile = new File(unzipdir + File.separator
- + entry.getName());
+ File unzipfile = new File(unzipdir, entry.getName());
+ if (!unzipfile.toPath().normalize().startsWith(unzipdir)) {
+ throw new IOException("Bad zip entry");
+ }
 FileOutputStream fos = new FileOutputStream(unzipfile);
 BufferedOutputStream dest = new BufferedOutputStream(fos, BUFFER);
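Review bot: The new guard compares a normalized path with the raw `unzipdir` string, so it is only reliable when the caller passes an already-normalized directory: with a value such as `./out` every entry is rejected, and because `normalize()` is purely lexical, a symlink that already exists under the target directory is not resolved before the write. Canonicalizing both sides covers both cases without a new import, e.g. `if (!unzipfile.getCanonicalFile().toPath().startsWith(new File(unzipdir).getCanonicalFile().toPath())) {`. The exception should also name the offending entry so a rejected archive can be triaged from logs: `throw new IOException("Zip entry escapes target directory: " + entry.getName());`. `unCompress` starts and ends outside this hunk, so whether callers already canonicalize `unzipdir` is not visible here.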