diff --git a/src/main/java/com/simpligility/maven/plugins/android/common/JarHelper.java b/src/main/java/com/simpligility/maven/plugins/android/common/JarHelper.java
index 8424408b9..822a78f80 100644
--- a/src/main/java/com/simpligility/maven/plugins/android/common/JarHelper.java
+++ b/src/main/java/com/simpligility/maven/plugins/android/common/JarHelper.java
@@ -42,6 +42,9 @@ public static void unjar( JarFile jarFile, File outputDirectory, UnjarListener u
 {
 JarEntry entry = ( JarEntry ) en.nextElement();
 File entryFile = new File( outputDirectory, entry.getName() );
+ if (!entryFile.toPath().normalize().startsWith(outputDirectory.toPath())) {
+ throw new RuntimeException("Bad zip entry");
+ }
 if ( unjarListener.include( entry ) )
 {
 // Create the output directory if need be
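Review bot: The new guard compares a normalized entry path against `outputDirectory.toPath()` exactly as the caller passed it, so an output directory given as `.` or containing `..` segments makes the check reject legitimate entries. Bring both sides to the same form before comparing, `if ( !entryFile.toPath().toAbsolutePath().normalize().startsWith( outputDirectory.toPath().toAbsolutePath().normalize() ) )`, and name the offending entry in the exception, `throw new RuntimeException( "Zip entry escapes output directory: " + entry.getName() );`, so a rejected archive can be triaged from the build log. `normalize()` is purely lexical and does not resolve symbolic links; if the output directory may already contain links, comparing canonical paths would be the stricter check. The added lines also depart from the file's spaced-parenthesis, brace-on-its-own-line style, and the body of `unjar` continues outside the hunk.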