Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.

Transitive dependency cross-spawn 7.0.3 is introduced via
@docusaurus/core 3.6.0 ... cross-spawn 7.0.3
@docusaurus/preset-classic 3.6.0 ... cross-spawn 7.0.3