diff --git a/stack-clients/src/main/java/com/cmclinnovations/stack/clients/docker/DockerClient.java b/stack-clients/src/main/java/com/cmclinnovations/stack/clients/docker/DockerClient.java
index 85391b99..d697b801 100644
--- a/stack-clients/src/main/java/com/cmclinnovations/stack/clients/docker/DockerClient.java
+++ b/stack-clients/src/main/java/com/cmclinnovations/stack/clients/docker/DockerClient.java
@@ -493,7 +493,11 @@ public Map retrieveFiles(String containerId, String remoteDirPat
 TarArchiveEntry tarArchiveEntry;
 while (null != (tarArchiveEntry = tarArchiveInputStream.getNextTarEntry())) {
 if (!tarArchiveEntry.isDirectory()) {
- files.put(remoteDirPath + tarArchiveEntry.getName().replaceFirst("^[^/]*/", ""),
+ Path entryPath = Path.of(remoteDirPath, tarArchiveEntry.getName().replaceFirst("^[^/]*/", "")).normalize();
+ if (!entryPath.startsWith(Path.of(remoteDirPath).normalize())) {
+ throw new IOException("Invalid tar entry: " + tarArchiveEntry.getName());
+ }
+ files.put(entryPath.toString(),
 tarArchiveInputStream.readAllBytes());
 }
 }
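Review bot: The containment check on the added `Path entryPath = Path.of(remoteDirPath, …).normalize()` line interprets a path inside the container using the client host's default filesystem, and `files.put(entryPath.toString(), …)` then returns that host-formatted, normalised string as the map key. On a Windows host the keys would come back with `\` separators, and an entry name the host filesystem rejects would surface as an unchecked `InvalidPathException` rather than the `IOException` used for the traversal case. Even on Linux the key can now differ from the previous `remoteDirPath + name` form that callers may be matching on. Consider using the `Path` only for validation while keeping the original key string, and hoisting the base out of the loop with `Path basePath = Path.of(remoteDirPath).normalize();` before the `while`, then `if (!entryPath.startsWith(basePath)) {`. The body of `retrieveFiles` starts and ends outside the hunk, so whether callers depend on the key format, and whether `remoteDirPath` can be empty or relative (which would likely make `startsWith` reject every entry), cannot be confirmed from here.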