diff --git a/nicobar-core/src/main/java/com/netflix/nicobar/core/persistence/PathArchiveRepository.java b/nicobar-core/src/main/java/com/netflix/nicobar/core/persistence/PathArchiveRepository.java
index 8938e433..0dc7848a 100644
--- a/nicobar-core/src/main/java/com/netflix/nicobar/core/persistence/PathArchiveRepository.java
+++ b/nicobar-core/src/main/java/com/netflix/nicobar/core/persistence/PathArchiveRepository.java
@@ -159,6 +159,9 @@ public void insertArchive(JarScriptArchive jarScriptArchive)
 while (entries.hasMoreElements()) {
 JarEntry jarEntry = entries.nextElement();
 Path entryName = moduleDir.resolve(jarEntry.getName());
+ if (!entryName.normalize().startsWith(moduleDir.normalize())) {
+ throw new IOException("Bad zip entry");
+ }
 if (jarEntry.isDirectory()) {
 Files.createDirectories(entryName);
 } else {
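Review bot: The new `throw new IOException("Bad zip entry")` inside the entry loop discards the offending name, so a rejected traversal attempt cannot be tied to a specific archive entry when triaging logs; consider `throw new IOException("Zip entry escapes module directory: " + jarEntry.getName());`, with control characters stripped if the message reaches a log sink, since the name is archive-controlled. The comparison itself is component-wise (`Path.startsWith`), so it avoids the sibling-directory false match of a string prefix test, but `normalize()` is purely lexical and does not resolve symlinks, so if links can exist under `moduleDir` this guard alone does not confine the writes. `moduleDir.normalize()` is loop-invariant and could be computed once before the `while`. Because the throw happens mid-iteration, earlier entries have presumably already been written under `moduleDir`; the rest of `insertArchive` is outside this hunk, so whether a partially extracted module is cleaned up should be confirmed there.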