diff --git a/java/src/org/openqa/selenium/io/Zip.java b/java/src/org/openqa/selenium/io/Zip.java
index 9c2989fe6b2b3..200a95abfe866 100644
--- a/java/src/org/openqa/selenium/io/Zip.java
+++ b/java/src/org/openqa/selenium/io/Zip.java
@@ -102,6 +102,11 @@ public static void unzip(InputStream source, File outputDir) throws IOException
 while ((entry = zis.getNextEntry()) != null) {
 File file = new File(outputDir, entry.getName());
 if (entry.isDirectory()) {
+ String canonicalOutputDirPath = outputDir.getCanonicalPath();
+ String canonicalDirPath = file.getCanonicalPath();
+ if (!canonicalDirPath.startsWith(canonicalOutputDirPath + File.separator)) {
+ throw new IOException("Directory entry is outside of the target dir: " + entry.getName());
+ }
 FileHandler.createDir(file);
 continue;
 }
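Review bot: The canonical-path containment check is applied only inside the `entry.isDirectory()` branch; the regular-file path after `continue;` lies outside this hunk, so it is not visible here whether file entries receive the same guard, and a traversal name on a file entry is the case that actually writes content outside `outputDir`. The check also rejects a directory entry that canonicalizes to `outputDir` itself (for example `./`), because `startsWith(canonicalOutputDirPath + File.separator)` requires a strict child; if such entries occur in valid archives, accept them with `if (!canonicalDirPath.equals(canonicalOutputDirPath) && !canonicalDirPath.startsWith(canonicalOutputDirPath + File.separator))`. `outputDir.getCanonicalPath()` does not change between iterations, so it could be computed once before the `while` loop instead of per directory entry. The body of `unzip` starts and ends outside the hunk.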