diff --git a/arduino-core/src/cc/arduino/contributions/DownloadableContributionsDownloader.java b/arduino-core/src/cc/arduino/contributions/DownloadableContributionsDownloader.java
index 4ddca67b3cd..ee32dff5386 100644
--- a/arduino-core/src/cc/arduino/contributions/DownloadableContributionsDownloader.java
+++ b/arduino-core/src/cc/arduino/contributions/DownloadableContributionsDownloader.java
@@ -62,7 +62,12 @@ public File download(DownloadableContribution contribution, Progress progress, f
 public File download(DownloadableContribution contribution, Progress progress, final String statusText, ProgressListener progressListener, boolean noResume, boolean allowCache) throws Exception {
 URL url = new URL(contribution.getUrl());
- Path outputFile = Paths.get(stagingFolder.getAbsolutePath(), contribution.getArchiveFileName());
+ // Filter out paths from file name
+ String filename = new File(contribution.getArchiveFileName()).getName();
+ Path outputFile = Paths.get(stagingFolder.getAbsolutePath(), filename).normalize();
+ if (outputFile.toFile().isDirectory()) {
+ throw new Exception(format("Can't download {0}: invalid filename or exinsting directory", contribution.getArchiveFileName()));
+ }
 // Ensure the existence of staging folder
 Files.createDirectories(stagingFolder.toPath());
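Review bot: The new guard on `outputFile` depends on filesystem state rather than on path containment, because `isDirectory()` only rejects a normalized target that already exists as a directory. It also runs before `Files.createDirectories(stagingFolder.toPath())`, so on a first run an archive name that reduces to an empty string or `.` resolves to the not-yet-created staging folder and passes the check. A structural test is independent of what exists on disk: compute `Path stagingRoot = Paths.get(stagingFolder.getAbsolutePath()).normalize();` and reject with `if (!stagingRoot.equals(outputFile.getParent())) throw new Exception(...);`, keeping the `isDirectory()` test as a second condition. The message also misspells "existing" as "exinsting" and echoes the unfiltered archive name from the index, which is worth keeping in mind wherever that exception text is displayed or logged. The body of `download` continues past the end of this hunk, so how `outputFile` is used afterwards is not visible here.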