diff --git a/pkgs/racket-test/tests/pkg/tests-name.rkt b/pkgs/racket-test/tests/pkg/tests-name.rkt
index fbbe2930cb..9f5c50a395 100644
--- a/pkgs/racket-test/tests/pkg/tests-name.rkt
+++ b/pkgs/racket-test/tests/pkg/tests-name.rkt
@@ -115,6 +115,7 @@
   (check-equal-values? (parse "git://github.com/../fish" #f #rx"indicator") (values #f 'github #f))
   (check-equal-values? (parse "git://github.com/racket/fish" 'clone) (values "fish" 'clone #t))
   (check-equal-values? (parse "racket/fish" 'github) (values "fish" 'github #t))
+  (check-equal-values? (parse "git://github.com/racket/fish/?path=../bill" #f #rx"indicator") (values #f 'github #f))
 
   (check-equal-values? (parse "git://not-github.com/racket/fish" #f #f) (values "fish" 'git #t))
   (check-equal-values? (parse "git://not-github.com/fish" #f #f) (values "fish" 'git #t))
@@ -129,6 +130,7 @@
   (check-equal-values? (parse "git://not-github.com/.././" #f #rx"indicator") (values #f 'git #f))
   (check-equal-values? (parse "git://not-github.com/racket/fish" 'clone #f) (values "fish" 'clone #t))
   (check-equal-values? (parse "git://not-github.com/.././" 'clone #rx"indicator") (values #f 'clone #f))
+  (check-equal-values? (parse "git://not-github.com/fish/?path=../bill" #f #rx"indicator") (values #f 'git #f))
 
   (check-equal-values? (parse "http://racket-lang.org/racket/fish" 'git #f) (values "fish" 'git #t))
   (check-equal-values? (parse "https://racket-lang.org/racket/fish" 'git #f) (values "fish" 'git #t))
diff --git a/racket/collects/pkg/name.rkt b/racket/collects/pkg/name.rkt
index a97348382d..2620a7c7bd 100644
--- a/racket/collects/pkg/name.rkt
+++ b/racket/collects/pkg/name.rkt
@@ -196,6 +196,13 @@
                                         (complain "URL path ends with a directory indicator"))
                                    (cor ((num-empty p) . < . 2)
                                         (complain "URL path ends with two empty elements"))))
+                              (let ([a (assoc 'path (url-query url))])
+                                (or (not a)
+                                    (not (cdr a))
+                                    (cor (for/and ([e (in-list (string-split (cdr a) "/"))])
+                                           (not (or (equal? e ".")
+                                                    (equal? e ".."))))
+                                         (complain "path query includes a directory indicator"))))
                               (extract-git-name url p complain-name))
                          ;; github://
                          (let ([p (if (equal? "" (path/param-path (last p)))