diff --git a/src/main/java/com/sap/lsp/cf/ws/WSSynchronization.java b/src/main/java/com/sap/lsp/cf/ws/WSSynchronization.java
index 703a062..e7d910e 100644
--- a/src/main/java/com/sap/lsp/cf/ws/WSSynchronization.java
+++ b/src/main/java/com/sap/lsp/cf/ws/WSSynchronization.java
@@ -304,6 +304,9 @@ private List unpack(InputStream zipStream, File destination) {
 try (ZipInputStream zipInputStream = new ZipInputStream(zipStream)) {
 while ((zipentry = zipInputStream.getNextEntry()) != null) {
 File newFile = new File(destination, zipentry.getName());
+ if (!newFile.toPath().normalize().startsWith(destination.toPath().normalize())) {
+ throw new RuntimeException("Bad zip entry");
+ }
 LOG.info("UNZIP Creating " + newFile.getAbsolutePath());
 if (zipentry.isDirectory()) {
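Review bot: The added containment check compares lexically normalized paths, so it stops `..` segments but does not account for symlinks that may already exist under `destination`; if the workspace can contain links, comparing canonical paths is the stronger guard, e.g. `if (!newFile.getCanonicalFile().toPath().startsWith(destination.getCanonicalFile().toPath())) {`. The `throw new RuntimeException("Bad zip entry")` also gives an operator nothing to act on: including the entry name in the message (with control characters escaped, since the name comes from the archive) would make a rejected upload visible in logs. Entries unpacked before the rejected one stay on disk, and whether the enclosing `try` cleans up or swallows the exception cannot be seen here, because `unpack` starts and ends outside the hunk.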