diff --git a/database/java/2020/14060.yaml b/database/java/2020/14060.yaml
new file mode 100644
index 0000000000..bca885b9b9
--- /dev/null
+++ b/database/java/2020/14060.yaml
@@ -0,0 +1,18 @@
+---
+cve: 2020-14060
+title: CVE in com.fasterxml.jackson.core:jackson-databind
+description: >
+    FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).
+cvss_v2: 6.8
+references:
+    - https://github.com/FasterXML/jackson-databind/issues/2688
+    - https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html
+    - https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
+    - https://security.netapp.com/advisory/ntap-20200702-0003/
+affected:
+    - groupId: com.fasterxml.jackson.core
+      artifactId: jackson-databind
+      version:
+        - "<=2.9.10.4"
+      fixedin:
+        - ">=2.9.10.5"