diff -ur b/credential.c a/credential.c
--- b/credential.c	2020-04-14 14:15:41.637223958 +0200
+++ a/credential.c	2020-04-14 14:59:03.325862182 +0200
@@ -190,6 +190,8 @@
 {
 	if (!value)
 		return;
+	if (strchr(value, '\n'))
+		die("credential value for %s contains newline", key);
 	fprintf(fp, "%s=%s\n", key, value);
 }
 
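Review bot: The new guard rejects only `'\n'` in `value`. `key` is written by the same `fprintf(fp, "%s=%s\n", key, value)` without any check, and a bare `'\r'` in `value` still passes, which matters if a helper treats carriage return as a line ending (not visible from this hunk). If callers only ever pass fixed literal keys, which the hunk does not show, a comment above the check should record that and the reason for the guard, for example `/* helper protocol is line-oriented: a newline in value would add extra key=value lines */`. The die() message names the key and not the value, so the rejected secret stays out of stderr; that is worth preserving. The function's signature lies outside the hunk.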
diff -ur b/t/t0300-credentials.sh a/t/t0300-credentials.sh
--- b/t/t0300-credentials.sh	2020-04-14 14:15:41.569223126 +0200
+++ a/t/t0300-credentials.sh	2020-04-14 15:00:01.331571252 +0200
@@ -289,4 +289,10 @@
 	EOF
 '
 
+test_expect_success 'url parser rejects embedded newlines' '
+	test_must_fail git credential fill <<-\EOF
+	url=https://one.example.com?%0ahost=two.example.com/
+	EOF
+'
+
 test_done
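Review bot: The new test asserts only that `git credential fill` fails, so it passes for any failure, including one unrelated to the newline check. Capturing stderr and matching the message would pin the reason: `test_must_fail git credential fill 2>err <<-\EOF &&` followed, after the `EOF` line, by `grep "contains newline" err`. The title says the url parser rejects the input, while the check visible in this patch sits in the function that writes items to the helper, so the rejection presumably happens at write time; the title or a one-line comment could say so.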