diff --git a/env-manager/src/main/java/io/yupiik/dev/shared/Archives.java b/env-manager/src/main/java/io/yupiik/dev/shared/Archives.java
index 7a2be26f..c284759f 100644
--- a/env-manager/src/main/java/io/yupiik/dev/shared/Archives.java
+++ b/env-manager/src/main/java/io/yupiik/dev/shared/Archives.java
@@ -122,7 +122,7 @@ private void doExtract(final Path exploded, final ArchiveInputStream archive,
 final var name = entry.getName();
 final int rootFolderEnd = name.indexOf('/');
- if (rootFolderEnd < 0 || rootFolderEnd == name.length() - 1) {
+ if ((rootFolderEnd < 0 || rootFolderEnd == name.length() - 1) || name.contains("..")) {
 continue;
 }
 final var out = exploded.resolve(name.substring(rootFolderEnd + 1));
@@ -130,7 +130,11 @@ private void doExtract(final Path exploded, final ArchiveInputStream archive,
 Files.createDirectories(out);
 } else if (isLink.test(entry)) {
 final var targetLinked = Paths.get(linkPath.apply(archive, entry));
- if (Files.exists(out.getParent().resolve(targetLinked))) {
+ final var target = out.getParent().resolve(targetLinked);
+ if (exploded.relativize(target.toAbsolutePath().normalize()).toString().contains("..")) {
+ continue;
+ }
+ if (Files.exists(target)) {
 Files.createDirectories(out.getParent());
 try {
 Files.createSymbolicLink(out, targetLinked);
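Review bot: In the first hunk (`@@ -122,7 +122,7 @@`), the added `name.contains("..")` test is a substring match on the raw entry name, so it skips legitimate entries whose file name merely contains two dots and still misses an entry whose remainder after the first `/` is itself absolute: `Path.resolve` returns an absolute argument unchanged, so `out` can land outside `exploded`. Checking the resolved path is tighter; right after `out` is computed, add `if (!out.normalize().startsWith(exploded.normalize())) { continue; }`. Rejected entries are dropped silently, so a log line at that point would help whoever investigates a refused archive. `doExtract` starts and ends outside the hunk, so any later handling of `out` is not visible here.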
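Review bot: In the second hunk (`@@ -130,7 +130,11 @@`), `exploded.relativize(...)` is given an absolutized argument, and `Path.relativize` throws `IllegalArgumentException` when only one of the two paths is absolute; whether `exploded` is always absolute is not visible in this hunk. The `.toString().contains("..")` test on the result is again a substring match, so a link target with two dots inside a file name is rejected. A component-wise containment check avoids both: `if (!target.toAbsolutePath().normalize().startsWith(exploded.toAbsolutePath().normalize())) { continue; }`. `normalize()` is purely lexical and does not follow links that were already extracted, so this bounds the link text only, not where the link finally resolves. The `try` block continues past the end of the hunk.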