diff --git a/app/build.gradle b/app/build.gradle
index 7242d6f0..d27b0f93 100644
--- a/app/build.gradle
+++ b/app/build.gradle
@@ -78,7 +78,7 @@ android {
 }
 
 dependencies {
- implementation 'com.github.fatihergin:Simple-Commons:fe7a01274a' // TODO: do not replace it with SimpleMobileTools
+ implementation 'com.github.SimpleMobileTools:Simple-Commons:d1629c7f1a'
 implementation 'com.github.tibbi:AndroidPdfViewer:e6a533125b'
 implementation 'com.github.Stericson:RootTools:df729dcb13'
 implementation 'com.github.Stericson:RootShell:1.6'
diff --git a/app/src/main/kotlin/com/simplemobiletools/filemanager/pro/activities/DecompressActivity.kt b/app/src/main/kotlin/com/simplemobiletools/filemanager/pro/activities/DecompressActivity.kt
index 0b51d97f..ac381cbb 100644
--- a/app/src/main/kotlin/com/simplemobiletools/filemanager/pro/activities/DecompressActivity.kt
+++ b/app/src/main/kotlin/com/simplemobiletools/filemanager/pro/activities/DecompressActivity.kt
@@ -19,6 +19,7 @@ import net.lingala.zip4j.exception.ZipException.Type
 import net.lingala.zip4j.io.inputstream.ZipInputStream
 import net.lingala.zip4j.model.LocalFileHeader
 import java.io.BufferedInputStream
+import java.io.File
 
 class DecompressActivity : SimpleActivity() {
 companion object {
@@ -145,6 +146,11 @@ class DecompressActivity : SimpleActivity() {
 continue
 }
 
+ val isVulnerableForZipPathTraversal = !File(newPath).canonicalPath.startsWith(parent)
+ if (isVulnerableForZipPathTraversal) {
+ continue
+ }
+
 val fos = getFileOutputStreamSync(newPath, newPath.getMimeType())
 var count: Int
 while (true) {
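Review bot: The removed dependency line carried `// TODO: do not replace it with SimpleMobileTools`, and the new line makes exactly that replacement without recording why the warning no longer applies. If the `fatihergin` fork held changes this app relies on, it is worth confirming that upstream commit `d1629c7f1a` contains them and leaving a short comment beside the coordinate, along the lines of `// back on upstream Simple-Commons: <reason the fork is no longer needed>`. Because the artifact is resolved by an abbreviated commit hash from a different repository owner, Gradle dependency verification (checksums in `gradle/verification-metadata.xml`) would additionally pin the artifact bytes, if the project does not already use it.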
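Review bot: The containment test `!File(newPath).canonicalPath.startsWith(parent)` is a plain string-prefix comparison, so a canonical path in a sibling directory whose name merely begins with the same characters as `parent` still passes. `parent` is defined outside this hunk and is not canonicalised in the visible lines, so a destination reached through a symlinked path could fail the comparison and have every entry skipped. Comparing against a canonical root with a trailing separator addresses both: `val destRoot = File(parent).canonicalPath + File.separator` followed by `if (!File(newPath).canonicalPath.startsWith(destRoot)) continue`. The guard also sits after the earlier branch ending in `continue`, which starts outside the hunk; if that branch creates directories for directory entries, the same check belongs before it. Rejected entries are dropped silently, so a log line or user-visible message would make a refused archive diagnosable.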