diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt index 56a25f46c..b82b90e51 100644 --- a/docs/changelog/7.x.x.txt +++ b/docs/changelog/7.x.x.txt @@ -4,6 +4,7 @@ - fixed possible vulnerability loading template parser - fixed possible vulnerability loading help files - fixed possible vulnerability with filenames in storage locations + - fixed possible vulnerability with extracting tar files in storage locations 7.9.11 - fixed #11755: New cart does not update shipping methods correctly diff --git a/lib/WebGUI/Storage.pm b/lib/WebGUI/Storage.pm index d40f4a10d..504778982 100644 --- a/lib/WebGUI/Storage.pm +++ b/lib/WebGUI/Storage.pm @@ -1844,6 +1844,13 @@ sub untar { }, "."); $self->_changeOwner(@files); + ##Prevent dangerous files from being added to the storage location via untar + FILE: foreach my $file (@files) { + my $blockname = $temp->block_extensions($file); + next FILE if $blockname eq $file; + $temp->renameFile($file, $blockname); + } + chdir $originalDir; return $temp; } diff --git a/t/Storage.t b/t/Storage.t index 36ac3f824..f5cb96a00 100644 --- a/t/Storage.t +++ b/t/Storage.t @@ -31,8 +31,7 @@ my $cwd = Cwd::cwd(); my ($extensionTests, $fileIconTests, $block_extension_tests) = setupDataDrivenTests($session); -my $numTests = 140; # increment this value for each test you create -plan tests => 140 +plan tests => 141 + scalar @{ $extensionTests } + scalar @{ $fileIconTests } + scalar @{ $block_extension_tests } 
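Review bot: The new FILE loop renames dangerous members only after the archive has already been written to disk under its original names and `_changeOwner(@files)` has run on them, so a member like `foo.pl` exists under the storage path until its turn in the loop; if this temp location is reachable by the web server, it would be safer to run `block_extensions` on each member name before it is written, or to extract into a path that is not served. The loop also assumes `block_extensions` accepts the relative path collected by the find and returns a name in the same directory — if it returns only a basename, `$temp->renameFile($file, $blockname)` for a nested entry such as `extensions/extension_html.txt` would move the file to the storage root, so this is worth confirming against the helper (not visible here). Nothing in this hunk constrains member names containing `..`, absolute paths or symlinks; if the extraction code earlier in `untar` already confines them to `$temp`, a comment such as `## members are already confined to $temp; this only neutralises dangerous extensions` would make that explicit. The body of `untar` starts outside the hunk.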
@@ -413,10 +412,20 @@ my $untarStorage = $tarStorage->untar('tar.tar'); addToCleanup($untarStorage); isa_ok( $untarStorage, "WebGUI::Storage", "untar: returns a WebGUI::Storage object"); is (substr($untarStorage->getPathFrag, 0, 5), 'temp/', 'untar: puts stuff in the temp directory'); -##Note, getFiles will NOT recurse, so do not use a deep directory structure here cmp_bag($untarStorage->getFiles, $copiedStorage->getFiles, 'tar and untar loop preserve all files'); isnt($untarStorage->getPath, $tarStorage->getPath, 'untar did not reuse the same path as the tar storage object'); +$tarStorage->addFileFromFilesystem(WebGUI::Test->getTestCollateralPath('extensions.tar')); +my $extensionStorage = $tarStorage->untar('extensions.tar'); +WebGUI::Test->addToCleanup($extensionStorage); +use Data::Dumper; +diag Dumper $extensionStorage->getFiles; +cmp_bag( + $extensionStorage->getFiles, + [ qw{ extension_pm.txt extension_perl.txt extension_html.txt extensions extensions/extension_html.txt }], + 'untar fixes file extensions' +); + #################################################### # # clear
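Review bot: The added `use Data::Dumper;` and `diag Dumper $extensionStorage->getFiles;` are leftover debugging and will print the file list on every run; drop both before merging (the `use` is honoured at compile time regardless of where it sits in the file, so it cannot be left as a "temporary" line). The expected bag includes `extensions/extension_html.txt`, while the comment removed in this same hunk said `getFiles` does not recurse — if that is still true the new `cmp_bag` fails, so either the comment was stale or the expectation needs checking against `getFiles`. Minor: the existing tests call `addToCleanup($untarStorage)` while the new line uses `WebGUI::Test->addToCleanup($extensionStorage)`; pick one form for consistency.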