diff --git a/modules/image/text_to_image/disco_diffusion_ernievil_base/vit_b_16x/ernievil2/transformers/file_utils.py b/modules/image/text_to_image/disco_diffusion_ernievil_base/vit_b_16x/ernievil2/transformers/file_utils.py
index bead1f2c74470832db7977d636804bdfd6c78c86..0d39f72328b1e2f43b9fe0fbc774cd2821643906 100755
--- a/modules/image/text_to_image/disco_diffusion_ernievil_base/vit_b_16x/ernievil2/transformers/file_utils.py
+++ b/modules/image/text_to_image/disco_diffusion_ernievil_base/vit_b_16x/ernievil2/transformers/file_utils.py
@@ -47,7 +47,26 @@ def _fetch_from_remote(url, force_download=False, cached_dir='~/.paddle-ernie-ca
                     f.flush()
             log.debug('extacting... to %s' % tmpfile)
             with tarfile.open(tmpfile.as_posix()) as tf:
-                tf.extractall(path=str(cached_dir_model))
+                def is_within_directory(directory, target):
+                    
+                    abs_directory = os.path.abspath(directory)
+                    abs_target = os.path.abspath(target)
+                
+                    prefix = os.path.commonprefix([abs_directory, abs_target])
+                    
+                    return prefix == abs_directory
+                
+                def safe_extract(tar, path=".", members=None, *, numeric_owner=False):
+                
+                    for member in tar.getmembers():
+                        member_path = os.path.join(path, member.name)
+                        if not is_within_directory(path, member_path):
+                            raise Exception("Attempted Path Traversal in Tar File")
+                
+                    tar.extractall(path, members, numeric_owner=numeric_owner) 
+                    
+                
+                safe_extract(tf, path=str(cached_dir_model))
             donefile.touch()
         os.remove(tmpfile.as_posix())
 
diff --git a/modules/text/text_generation/reading_pictures_writing_poems_for_midautumn/MidAutumnPoetry/model/file_utils.py b/modules/text/text_generation/reading_pictures_writing_poems_for_midautumn/MidAutumnPoetry/model/file_utils.py
index 608be4efc6644626f7f408df200fd299f2dd997e..1ba17701b04727e87143cf0a55f34d08bad3d67b 100644
--- a/modules/text/text_generation/reading_pictures_writing_poems_for_midautumn/MidAutumnPoetry/model/file_utils.py
+++ b/modules/text/text_generation/reading_pictures_writing_poems_for_midautumn/MidAutumnPoetry/model/file_utils.py
@@ -33,7 +33,26 @@ def _fetch_from_remote(url, force_download=False):
                     f.flush()
             logger.debug('extacting... to %s' % f.name)
             with tarfile.open(f.name) as tf:
-                tf.extractall(path=cached_dir)
+                def is_within_directory(directory, target):
+                    
+                    abs_directory = os.path.abspath(directory)
+                    abs_target = os.path.abspath(target)
+                
+                    prefix = os.path.commonprefix([abs_directory, abs_target])
+                    
+                    return prefix == abs_directory
+                
+                def safe_extract(tar, path=".", members=None, *, numeric_owner=False):
+                
+                    for member in tar.getmembers():
+                        member_path = os.path.join(path, member.name)
+                        if not is_within_directory(path, member_path):
+                            raise Exception("Attempted Path Traversal in Tar File")
+                
+                    tar.extractall(path, members, numeric_owner=numeric_owner) 
+                    
+                
+                safe_extract(tf, path=cached_dir)
     logger.debug('%s cached in %s' % (url, cached_dir))
     return cached_dir