diff --git a/compress-example/src/main/java/io/github/biezhi/compress/jar/JAR.java b/compress-example/src/main/java/io/github/biezhi/compress/jar/JAR.java
index 745e020..ab7b027 100644
--- a/compress-example/src/main/java/io/github/biezhi/compress/jar/JAR.java
+++ b/compress-example/src/main/java/io/github/biezhi/compress/jar/JAR.java
@@ -36,6 +36,9 @@ public static void decompress(String in, File destination) throws IOException {
 continue;
 }
 File curfile = new File(destination, entry.getName());
+ if (!curfile.toPath().normalize().startsWith(destination.toPath().normalize())) {
+ throw new IOException("Bad zip entry");
+ }
 File parent = curfile.getParentFile();
 if (!parent.exists()) {
 if (!parent.mkdirs()) {
@@ -66,4 +69,4 @@ private static void addToArchiveCompression(JarArchiveOutputStream out, File fil
 System.out.println(file.getName() + " is not supported");
 }
 }
-}
\ No newline at end of file
+}
diff --git a/compress-example/src/main/java/io/github/biezhi/compress/zip/ZIP.java b/compress-example/src/main/java/io/github/biezhi/compress/zip/ZIP.java
index 485db9d..06c640f 100644
--- a/compress-example/src/main/java/io/github/biezhi/compress/zip/ZIP.java
+++ b/compress-example/src/main/java/io/github/biezhi/compress/zip/ZIP.java
@@ -34,6 +34,9 @@ public static void decompress(String in, File destination) throws IOException {
 continue;
 }
 File curfile = new File(destination, entry.getName());
+ if (!curfile.toPath().normalize().startsWith(destination.toPath().normalize())) {
+ throw new IOException("Bad zip entry");
+ }
 File parent = curfile.getParentFile();
 if (!parent.exists()) {
 if (!parent.mkdirs()) {
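Review bot: The containment check added to `decompress` in JAR.java compares paths that are only lexically normalized, so it does not account for symlinks: `normalize()` strips `.` and `..` components but never consults the filesystem. If a symlink exists under `destination` (whether the extraction code can create one is not visible in this hunk), an entry path can pass `startsWith` and still resolve to a location outside the target directory. Resolving both sides closes that gap: compute `Path base = destination.getCanonicalFile().toPath();` once before the loop and test `if (!curfile.getCanonicalFile().toPath().startsWith(base))`, which also avoids re-normalizing `destination` for every entry. The identical check in the ZIP.java hunk should get the same change; `decompress` begins and ends outside both hunks.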
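Review bot: The guard in ZIP.java is a verbatim copy of the one added to JAR.java, and its message `"Bad zip entry"` does not identify which entry was rejected or why. Moving the check into one shared static helper that takes `destination` and the entry name and returns the validated `File` would keep the two extractors from drifting apart when the check is next tightened. For triage, the exception should name the offending entry, for example `throw new IOException("Entry resolves outside " + destination + ": " + entry.getName());`. The rest of `decompress` lies outside the hunk, so whether the entries skipped by the earlier `continue` need the same validation cannot be judged from here.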