diff --git a/testng-core/src/main/java/org/testng/JarFileUtils.java b/testng-core/src/main/java/org/testng/JarFileUtils.java
index c0bb86f5b0..2ec81c034a 100644
--- a/testng-core/src/main/java/org/testng/JarFileUtils.java
+++ b/testng-core/src/main/java/org/testng/JarFileUtils.java
@@ -76,6 +76,11 @@ private boolean testngXmlExistsInJar(File jarFile, List classes) throws
 if (Parser.canParse(jeName.toLowerCase())) {
 InputStream inputStream = jf.getInputStream(je);
 File copyFile = new File(file, jeName);
+ //vuln-fix: Zip Slip Vulnerability - ported from 7.7 - https://github.com/cbeust/testng/commit/47afa2c8a29e2cf925238af1ad7c76fba282793f
+ if (!copyFile.toPath().normalize().startsWith(file.toPath().normalize())) {
+ throw new IOException("Bad zip entry");
+ }
+ //vuln-fix
 Files.copyFile(inputStream, copyFile);
 if (matchesXmlPathInJar(je)) {
 suitePath = copyFile.toString();
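Review bot: The new `throw new IOException("Bad zip entry")` does not say which entry or which jar was rejected, so a traversal attempt leaves nothing to triage from the log; `throw new IOException("Bad zip entry: " + jeName + " in " + jarFile);` would name both, and both are in scope per the hunk and its header. The check also runs after `jf.getInputStream(je)` has been opened, so on the reject path that stream is left to whatever closes `jf` outside the hunk; building `copyFile` and validating it before the `getInputStream` line avoids that. The opening and closing `//vuln-fix` markers would read better as a single why-comment that keeps the upstream commit link, e.g. `// Entry names come from the jar and may contain "..": reject any that resolve outside the extraction directory.` The body of testngXmlExistsInJar starts and ends outside this hunk, so how `file` is created and how `jf` is closed could not be checked here.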