From ef412136aa39e0cc4588bcd7f8729c8374c9238b Mon Sep 17 00:00:00 2001
From: Zeroday BYTE
Date: Thu, 24 Jul 2025 18:19:32 +0700
Subject: [PATCH] Update Zip.java

---
 java/src/org/openqa/selenium/io/Zip.java | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/java/src/org/openqa/selenium/io/Zip.java b/java/src/org/openqa/selenium/io/Zip.java
index 9c2989fe6b2b3..200a95abfe866 100644
--- a/java/src/org/openqa/selenium/io/Zip.java
+++ b/java/src/org/openqa/selenium/io/Zip.java
@@ -102,6 +102,11 @@ public static void unzip(InputStream source, File outputDir) throws IOException
 while ((entry = zis.getNextEntry()) != null) {
 File file = new File(outputDir, entry.getName());
 if (entry.isDirectory()) {
+ String canonicalOutputDirPath = outputDir.getCanonicalPath();
+ String canonicalDirPath = file.getCanonicalPath();
+ if (!canonicalDirPath.startsWith(canonicalOutputDirPath + File.separator)) {
+ throw new IOException("Directory entry is outside of the target dir: " + entry.getName());
+ }
 FileHandler.createDir(file);
 continue;
 }
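Review bot: The new guard inside `if (entry.isDirectory())` rejects a directory entry that resolves to the output directory itself (for example a `./` entry), because `canonicalDirPath` then equals `canonicalOutputDirPath` and cannot start with that path plus `File.separator`; an otherwise harmless archive would abort with an IOException. Allowing equality keeps the containment check intact: `if (!canonicalDirPath.equals(canonicalOutputDirPath) && !canonicalDirPath.startsWith(canonicalOutputDirPath + File.separator))`. `outputDir.getCanonicalPath()` is also recomputed for every directory entry and could be hoisted above the `while` loop, whose start lies outside this hunk. The non-directory branch continues past the hunk, so whether file entries get the same containment check cannot be confirmed from here. A regression test with a `../` directory entry would pin the behaviour.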