diff --git a/src/main/java/it/isislab/sof/core/engine/hadoop/mapreduce/mason/util/SimulationMASON.java b/src/main/java/it/isislab/sof/core/engine/hadoop/mapreduce/mason/util/SimulationMASON.java
index af17966..af8986f 100644
--- a/src/main/java/it/isislab/sof/core/engine/hadoop/mapreduce/mason/util/SimulationMASON.java
+++ b/src/main/java/it/isislab/sof/core/engine/hadoop/mapreduce/mason/util/SimulationMASON.java
@@ -81,6 +81,9 @@ public static void unJar(File jarFile, File toDir, Pattern unpackRegex)
 InputStream in = jar.getInputStream(entry);
 try {
 File file = new File(toDir, entry.getName());
+ if(!file.toPath().normalize().startsWith(toDir.toPath().normalize())) {
+ throw new IOException("Bad zip entry");
+ }
 ensureDirectory(file.getParentFile());
 OutputStream out = new FileOutputStream(file);
 try {
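Review bot: The containment check added before `ensureDirectory(file.getParentFile())` compares lexically normalized paths only: `Path.normalize()` does not make a relative `toDir` absolute (leading `..` components are kept, so the prefix comparison is unreliable for such a base) and it does not resolve symbolic links that may already exist under `toDir`. Comparing canonical paths is stricter: `if (!file.getCanonicalFile().toPath().startsWith(toDir.getCanonicalFile().toPath())) {`, assuming `unJar` is allowed to throw `IOException` at this point, which the added `throw` suggests. The message should also name the rejected entry so a refused archive can be triaged from the log, e.g. `throw new IOException("Zip entry outside target dir: " + entry.getName());`. The body of `unJar` starts and ends outside this hunk, so whether the already opened `in` stream is closed on this path cannot be confirmed from here.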