Skip bundle entries that do not contain a plain relative path.

ICSharpCode.ILSpyCmd/IlspyCmdProgram.cs

@@ -342,6 +342,12 @@ int DumpPackageAssemblies(string packageFileName, string outputDirectory, Comman
 					{
 						Stream contents;
 
+						if (entry.RelativePath.Replace('\\', '/').Contains("../", StringComparison.Ordinal))
+						{
+							app.Error.WriteLine($"Skipping single-file entry '{entry.RelativePath}' because it might refer to a location outside of the bundle output directory.");
+							continue;
+						}
+
 						if (entry.CompressedSize == 0)
 						{
 							contents = new UnmanagedMemoryStream(packageView.SafeMemoryMappedViewHandle, entry.Offset, entry.Size);