diff --git a/nvm.sh b/nvm.sh
index bc80f34..390ee0d 100755
--- a/nvm.sh
+++ b/nvm.sh
@@ -2247,7 +2247,7 @@ nvm_get_mirror() {
   esac
 
 
-  if ! nvm_echo "${NVM_MIRROR}" | command awk '{ $0 ~ "^https?://[a-zA-Z0-9./_-]+$" }'; then
+  if ! nvm_echo "${NVM_MIRROR}" | command awk '{ if ($0 !~ /^https?:\/\/[a-zA-Z0-9.\/_-]+$/) exit 1 }'; then
       nvm_err '$NVM_NODEJS_ORG_MIRROR and $NVM_IOJS_ORG_MIRROR may only contain a URL'
       return 2
   fi
diff --git a/test/fast/Unit tests/nvm_get_mirror b/test/fast/Unit tests/nvm_get_mirror
index a8a4255..0c16ff4 100755
--- a/test/fast/Unit tests/nvm_get_mirror	
+++ b/test/fast/Unit tests/nvm_get_mirror	
@@ -46,3 +46,9 @@ testMirrors '`do something bad`'
 testMirrors 'https://nodejs.org/dist; xdg-open http://www.google.com;'
 testMirrors 'https://nodejs.org/dist&&xdg-open http://www.google.com;'
 testMirrors 'https://nodejs.org/dist|xdg-open http://www.google.com;'
+
+# Test that awk URL validation rejects non-URL values
+testMirrors 'not a url'
+testMirrors 'ftp://wrong-scheme'
+testMirrors 'http://'
+testMirrors 'javascript:alert(1)'