diff --git a/modules/core/src/main/java/org/apache/synapse/libraries/util/LibDeployerUtils.java b/modules/core/src/main/java/org/apache/synapse/libraries/util/LibDeployerUtils.java
index 1cd779f37..9f8b29272 100644
--- a/modules/core/src/main/java/org/apache/synapse/libraries/util/LibDeployerUtils.java
+++ b/modules/core/src/main/java/org/apache/synapse/libraries/util/LibDeployerUtils.java
@@ -439,6 +439,9 @@ private static void extract(String sourcePath, String destPath) throws IOExcepti
 continue;
 }
 File dest = new File(destPath, entry.getName());
+ if (!dest.toPath().normalize().startsWith(destPath)) {
+ throw new IOException("Bad zip entry");
+ }
 dest.getParentFile().mkdirs();
 copyInputStream(zipFile.getInputStream(entry),
 new BufferedOutputStream(new FileOutputStream(dest)));
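Review bot: The added guard compares the normalized `dest` path with the raw `destPath` string, so it is only sound when every caller passes an absolute, already-normalized directory; with a relative base, or one containing `.` or `..` segments, the lexical `startsWith` can reject valid entries or stop reflecting real containment. Normalizing both sides against the same base avoids that, for example `Path base = new File(destPath).toPath().toAbsolutePath().normalize();` computed once before the loop and `if (!dest.toPath().toAbsolutePath().normalize().startsWith(base)) {` in place of the current condition (this needs `java.nio.file.Path`, whose import is outside the hunk). The branch that ends in `continue;` just above the check is outside the hunk; if it creates directories from `entry.getName()`, it probably needs the same guard, because the new check only covers the file-writing path. Including the entry name in the message, `throw new IOException("Zip entry outside target directory: " + entry.getName());`, would make rejected archives easier to triage from logs. `extract` starts and ends outside the hunk, so whether `zipFile` is closed when this exception is thrown cannot be confirmed from here.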